Hello, I am contacting you because you are listed as maintainer of a package that provides the httpd virtual package. (grep-aptavail -F Provides httpd)
The Debian Policy currently specifies that /usr/share/doc/“package” is served on localhost by web servers. This has been discontinued with apache2 because it lead to possible risks of executing example scripts that were not intented for that purpose. (http://www.debian.org/security/2012/dsa-2452) We are considering removing the specification about serving /usr/share/doc/“package” (see below), but before doing so, I would like to know if this is a feature that is also provided by the web server you maintain. > > diff --git a/policy.sgml b/policy.sgml > index 1508231..2651a1a 100644 > --- a/policy.sgml > +++ b/policy.sgml > @@ -9668,27 +9668,6 @@ http://localhost/cgi-bin/<var>cgi-bin-name</var> > before <var>cgi-bin-name</var>). > </item> > > - <item> > - <p>Access to HTML documents</p> > - > - <p> > - HTML documents for a package are stored in > - <file>/usr/share/doc/<var>package</var></file> > - and can be referred to as > - <example compact="compact"> > -http://localhost/doc/<var>package</var>/<var>filename</var> > - </example> > - </p> > - > - <p> > - The web server should restrict access to the document > - tree so that only clients on the same host can read > - the documents. If the web server does not support such > - access controls, then it should not provide access at > - all, or ask about providing access during installation. > - </p> > - </item> > - > <item> > <p>Access to images</p> > <p> Have a nice day, -- Charles Plessy Tsurumi, Kanagawa, Japan -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
