Bug#104373: Subdirectory under /usr/lib/cgi-lib should be explicitly allowed
Charles Plessy ple...@debian.org writes:

> On Mon, Jun 14, 2010 at 04:21:31PM +0900, Charles Plessy wrote:
>> I have panicked a bit, thinking that webservers will not look in /usr/lib/cgi-bin/ recursively. Also, I was shied by the Should level of the recommendation (§11.5), understanding it like a strong request to use that place, not like an indication that there can be a benefit to use it in some cases.
>
> I forgot to mention: I second the patch in message 38.

Thanks! I'm merging this change now.

--
Russ Allbery (r...@debian.org) http://www.eyrie.org/~eagle/

--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#104373: Subdirectory under /usr/lib/cgi-lib should be explicitly allowed
On Mon, Jun 14, 2010 at 04:21:31PM +0900, Charles Plessy wrote:

> I have panicked a bit, thinking that webservers will not look in /usr/lib/cgi-bin/ recursively. Also, I was shied by the Should level of the recommendation (§11.5), understanding it like a strong request to use that place, not like an indication that there can be a benefit to use it in some cases.

I forgot to mention: I second the patch in message 38.

Have a nice day,

--
Charles
Bug#104373: Subdirectory under /usr/lib/cgi-lib should be explicitly allowed
On Sun, Jun 13, 2010 at 09:31:03AM -0700, Russ Allbery wrote:

> Charles Plessy ple...@debian.org writes:
>> will web servers find the CGI scripts automagically in /usr/lib/cgi-bin/package?
>
> That's the implication of this section. Web servers should be configured to serve that location by default. This is pretty widely used already in Debian.

Hi Russ,

I have panicked a bit, thinking that webservers will not look in /usr/lib/cgi-bin/ recursively. Also, I was shied by the Should level of the recommendation (§11.5), understanding it like a strong request to use that place, not like an indication that there can be a benefit to use it in some cases.

Sorry for the noise, and have a nice day,

--
Charles
Bug#104373: Subdirectory under /usr/lib/cgi-lib should be explicitly allowed
On Sat, Jun 12, 2010 at 12:35:41PM -0700, Russ Allbery wrote:

> Despite its age, this bug is rather straightforward and is something we really should have fixed years ago. The current wording around locations of CGI programs implies that subdirectories of /usr/lib/cgi-bin may not be used, but of course this is very widely used in packages already in the archive and works with a typical web server configuration. Here is a patch that explicitly allows this.

Hi all,

will web servers find the CGI scripts automagically in /usr/lib/cgi-bin/package? If not, there is not much advantage to move them under /usr/lib as it is done now. Most other parts for packaged web sites are already in /usr/share/package.

For simple sites, having the CGIs in /usr/lib/cgi-bin/ makes the maintainer's task simpler as he does not have to write webserver configuration files, but for more complex packages, it sometimes makes the task harder, for instance when the CGI scripts need to be patched because relative links are broken by the move.

There were discussions along those lines on debian-devel a couple of months ago. I suggest to seriously consider to drop the requirement to separate the CGI scripts from the other files of the packaged websites.

Have a nice day,

--
Charles Plessy
Illkirch, France
Bug#104373: Subdirectory under /usr/lib/cgi-lib should be explicitly allowed
On Sun, Jun 13, 2010 at 06:03:12PM +0900, Charles Plessy wrote:

> If not, there is not much advantage to move them under /usr/lib as it is done now. Most other parts for packaged web sites are already in /usr/share/package.
>
> For simple sites, having the CGIs in /usr/lib/cgi-bin/ makes the maintainer's task simpler as he does not have to write webserver configuration files, but for more complex packages, it sometimes makes the task harder, for instance when the CGI scripts need to be patched because relative links are broken by the move.
>
> There were discussions along those lines on debian-devel a couple of months ago. I suggest to seriously consider to drop the requirement to separate the CGI scripts from the other files of the packaged websites.

i don't think there's any *requirement*, as this is all in should statements. in isolation from outside context i think the change russ describes makes sense, but generally speaking i think the web-related suggestions in policy are very dated and much of it ought to be phased out in deference to the webapps policy (or the webapps policy phased in)

sean
Bug#104373: Subdirectory under /usr/lib/cgi-lib should be explicitly allowed
First off, I'm not sure what this discussion has to do with this proposal? It might just be a tangent prompted by seeing a mention of this part of Policy, which is fine, but I'm worried that I didn't explain the proposal very well, since this seems unrelated.

Charles Plessy ple...@debian.org writes:

> On Sat, Jun 12, 2010 at 12:35:41PM -0700, Russ Allbery wrote:
>> Despite its age, this bug is rather straightforward and is something we really should have fixed years ago. The current wording around locations of CGI programs implies that subdirectories of /usr/lib/cgi-bin may not be used, but of course this is very widely used in packages already in the archive and works with a typical web server configuration. Here is a patch that explicitly allows this.
>
> will web servers find the CGI scripts automagically in /usr/lib/cgi-bin/package?

That's the implication of this section. Web servers should be configured to serve that location by default. This is pretty widely used already in Debian.

> There were discussions along those lines on debian-devel a couple of months ago. I suggest to seriously consider to drop the requirement to separate the CGI scripts from the other files of the packaged websites.

I think this is a different question and a different bug. It's probably something that we should discuss as part of incorporating the webapps policy.

--
Russ Allbery (r...@debian.org) http://www.eyrie.org/~eagle/
Bug#104373: Subdirectory under /usr/lib/cgi-lib should be explicitly allowed
On Sat, 2010-06-12 at 12:35 -0700, Russ Allbery wrote:

> Rémi Perrot remi.per...@torrep.org writes:
>> In section 12.5 of the policy it looks like it is not possible to put CGI scripts in /usr/lib/cgi-lib/package-name/cgi-name. If this is true, we will have more and more file name conflicts, and these conflicts are quite hard to resolve due to link changes across the application. There are already many packages that violate this rule. If this is false, please can we have more explanation in the policy.
>
> Despite its age, this bug is rather straightforward and is something we really should have fixed years ago. The current wording around locations of CGI programs implies that subdirectories of /usr/lib/cgi-bin may not be used, but of course this is very widely used in packages already in the archive and works with a typical web server configuration. Here is a patch that explicitly allows this. Objections or seconds?
>
> diff --git a/policy.sgml b/policy.sgml index 720150d..7dd0785 100644 --- a/policy.sgml +++ b/policy.sgml @@ -8184,11 +8184,13 @@ done example compact=compact /usr/lib/cgi-bin/varcgi-bin-name/var /example - and should be referred to as + or a subdirectory of that directory, and should be + referred to as example compact=compact http://localhost/cgi-bin/varcgi-bin-name/var /example - + (possibly with a subdirectory name + before varcgi-bin-name/var). /item item

Seconded.

Cheers,
Andrew.

--
andrew (AT) morphoss (DOT) com +64(272)DEBIAN
Wrinkles should merely indicate where smiles have been. -- Mark Twain
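
Review bot: in the closing parenthetical, "(possibly with a subdirectory name before cgi-bin-name)" leaves the reader to work out the path-to-URL mapping, and both example blocks in the hunk still show only the flat form. A second line in each example showing the nested form, with a placeholder subdirectory in front of cgi-bin-name in both the filesystem path and the http://localhost/cgi-bin/ URL, would make it explicit that the subdirectory appears in the URL at the same position as on disk.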
Bug#104373: Subdirectory under /usr/lib/cgi-lib should be explicitly allowed
Rémi Perrot remi.per...@torrep.org writes:

> In section 12.5 of the policy it looks like it is not possible to put CGI scripts in /usr/lib/cgi-lib/package-name/cgi-name. If this is true, we will have more and more file name conflicts, and these conflicts are quite hard to resolve due to link changes across the application. There are already many packages that violate this rule. If this is false, please can we have more explanation in the policy.

Despite its age, this bug is rather straightforward and is something we really should have fixed years ago. The current wording around locations of CGI programs implies that subdirectories of /usr/lib/cgi-bin may not be used, but of course this is very widely used in packages already in the archive and works with a typical web server configuration. Here is a patch that explicitly allows this. Objections or seconds?

diff --git a/policy.sgml b/policy.sgml index 720150d..7dd0785 100644 --- a/policy.sgml +++ b/policy.sgml @@ -8184,11 +8184,13 @@ done example compact=compact /usr/lib/cgi-bin/varcgi-bin-name/var /example - and should be referred to as + or a subdirectory of that directory, and should be + referred to as example compact=compact http://localhost/cgi-bin/varcgi-bin-name/var /example - + (possibly with a subdirectory name + before varcgi-bin-name/var). /item item

--
Russ Allbery (r...@debian.org) http://www.eyrie.org/~eagle/
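
Review bot: the added wording "or a subdirectory of that directory" permits any subdirectory but gives no guidance on how to name it. The report this patch answers is about file name conflicts and asks for the package-name/cgi-name layout, so stating that convention in the same sentence (a subdirectory named after the package) would address the conflict case directly rather than leaving each maintainer to choose a name that may itself collide.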