This one time, at band camp, sean finney said:
> hi,
>
> On Wed, May 03, 2006 at 03:02:49PM +0200, Alexis Sukrieh wrote:
> > W: bugzilla: file-in-usr-lib-cgi-bin usr/lib/cgi-bin/bugzilla/
> > N:
> > N: Packages shipping web server CGI files should install them in
> > N: /usr/lib/cgi-lib, not in /usr/lib/cgi-bin. This is done to avoid
> > N: conflicts with the cgi-bin script alias, which is reserved for the
> > N: local use of webmasters. Web servers should include /cgi-lib/ as a
> > N: standard ScriptAlias pointing to that directory.
>
> this is a surprising change. guess that's what i get for not being
> subscribed to -policy :)
>
> first, i don't really see what the merit is of moving files from
> /usr/lib/cgi-bin to /usr/lib/cgi-lib.

This is, IMHO, a very awkward, to say the least, change. There are
currently at a rough guess:

steve@gashuffer:~$ apt-file search cgi-bin | awk -F: '{print $1}' | sort -u | wc -l
135

more than a few packages using cgi-bin. Most of the httpds Debian ships
are not trivially modifiable (no run parts directories like the
apaches). And the benefit is, what? Web developers can write
unhindered to /usr/lib? Sorry?

It seems that more and more 'cgi' programs are moving away from using
cgi-bin anyway, and that as time goes on, this will be a non-issue. I
know that certainly as a policy decision at most sites I administer, I
disable direct access to /usr/lib/cgi-bin, precisely because I don't
like newly installed but unconfigured packages being web accessible.

So, we now have 135 RC bugs, plus one more for each noncompliant httpd.
Oh, well.
--
-----------------------------------------------------------------
| ,''`. Stephen Gran |
| : :' : sgran@debian.org |
| `. `' Debian user, admin, and developer |
| `- http://www.debian.org |
-----------------------------------------------------------------