On Thu, Apr 7, 2011 at 3:26 PM, Arno Töll <deb...@toell.net> wrote: >> I think a majority of users use the module. > > I don't think you should draw conclusions for the majority of users > based on your personal taste. Indeed the majority of users chooses > Debian because of its minimalistic approach (read: You don't need to > throw away stuff and packages on a freshly installed system/package). > > That said you shouldn't assume FastCGI is used by virtually everyone, > since Lighttpd makes an excellent httpd daemon for serving static > content for example (which is how I use it very much). > > I admit it wouldn't be such an issue to disable FastCGI if you don't > need it, but on the other hand, why activate it unless really necessary? > Especially since FastCGI, as "door" to server side code execution /can/ > be a security threat. > > Don't get me wrong, I'm not offensed if you oppose about my patch, but I > think it solves the problem in a much cleaner way than assuming > something for some people for some use cases. Moreover it solves the > problem for people being too lazy reading manual pages, since all they > need to do is to activate the FastCGI handler they want and dependencies > resolve to other modules required to run that handler.
Hi Arno, I said your idea/patch is fine. That doesn't mean I oppose it. ;) How does my approach require someone to read the manual? How is a loaded but unconfigured module a security threat? I'm not assuming it's used by everyone, but I am assuming it's used by a majority. Greetings, Olaf -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
