Hello Savannah Hackers, yesterday I've re-enabled the script that automatically checks out the website repositories for all the gnu and non-gnu projects, including the main website.
I've also somewhat hardened the configuration of the gnu.org and nongnu.org virtual hosts. In particular, * symlinks are no longer followed * Server Side Includes are now completely disabled except for the main site * it is no longer possible to execute CGIs from Server Side Includes * mod_php is no longer installed * mod_python is now disabled everywhere except for the internal new-savannah-project script The following Apache features are enabled for all gnu projects: Options Indexes MultiViews Limit AllowOverride Indexes FileInfo Limit The following Apache features are enabled for all nongnu projects: Options Indexes Multiviews AllowOverride None Let me know if the new configuration broke something important. If the current settings seem excessively restrictive, we could re-enable specific features on a case-by-case basis. Turning off FileInfo would actually have been good, because it enables a bunch of scary directives in .htaccess, but there are way too many projects already using Redirect and RedirectMatch. Converting them all would be impractical. -- Bernie Innocenti Systems Administrator, Free Software Foundation