On Sun, Oct 5, 2008 at 5:35 AM, Pierre Habouzit <[EMAIL PROTECTED]> wrote: > On Sat, Oct 04, 2008 at 02:33:08AM +0000, Rodrigo Campos wrote: >> Package: lighttpd >> Version: 1.4.19-5 >> Followup-For: Bug #499334 >> >> The fix allows CGI execution only from localhost. If you enabled cgi module >> you >> probably don't want it to work only from localhost. >> >> The Apache package also enables it for "anybody" > > which is a rather bad idea for many CGI scripts. plus it's a snipplet > example that is meant to be modified.
Why is a bad idea ? If you want to activate the cgi module, probably you want to activate it so everybody can just see your gitweb/whatever. Why would you want to activate it only for localhost ? Isn't this a very particular case ? Also, if that is an example to be modified, is kind of disturbing to modify that file. If you modify it locally, and a new package changed it, you will have to "merge" it on your own and that stuff. It's not very nice to modify that file :) If that is the "default", I think it should comfortable for "the majority", not just for particular usage cases. And if its just "to copy"/"know how to do that" perhaps in the README.Debian or some of those documentation files would be more appropriate ? Thanks a lot, Rodrigo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
