Package: haserl
Version: N/A
Severity: normal
Tags: patch
Dear Debian maintainer,
On Thursday, July 21, 2011, I notified you of the beginning of a review process
concerning debconf templates for haserl.
The debian-l10n-english contributors have now reviewed these templates,
and the proposed changes are attached to this bug report.
Please review the suggested changes, and if you have any
objections, let me know in the next 3 days.
However, please try to avoid uploading haserl with these changes
right now.
The second phase of this process will begin on Wednesday, August 03, 2011, when
I will
coordinate updates to translations of debconf templates.
The existing translators will be notified of the changes: they will
receive an updated PO file for their language.
Simultaneously, a general call for new translations will be sent to
the debian-i18n mailing list.
Both these calls for translations will request updates to be sent as
individual bug reports. That will probably trigger a lot of bug
reports against your package, but these should be easier to deal with.
The call for translation updates and new translations will run until
about Wednesday, August 24, 2011. Please avoid uploading a package with fixed
or changed
debconf templates and/or translation updates in the meantime. Of
course, other changes are safe.
Please note that this is an approximative delay, which depends on my
own availability to process this work and is influenced by the fact
that I simultaneously work on many packages.
Around Thursday, August 25, 2011, I will contact you again and will send a
final patch
summarizing all the updates (changes to debconf templates,
updates to debconf translations and new debconf translations).
Again, thanks for your attention and cooperation.
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (101, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 3.0.0-1-686-pae (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
--- haserl.old/debian/haserl.templates 2011-07-16 21:14:32.783410052 +0200
+++ haserl/debian/haserl.templates 2011-07-31 07:35:33.765880516 +0200
@@ -1,9 +1,18 @@
+# These templates have been reviewed by the debian-l10n-english
+# team
+#
+# If modifications/additions/rewording are needed, please ask
+# debian-l10n-engl...@lists.debian.org for advice.
+#
+# Even minor modifications require translation updates and such
+# changes should be coordinated with translators and reviewers.
+
Template: haserl/setuid
Type: boolean
Default: false
_Description: Install haserl binary with suid root permissions?
When haserl is installed with suid root permissions, it will automatically set
- its UID and GID to that of the owner and group of the script.
+ its UID and GID to match the owner and group of the script.
.
- WARNING: This is a potential security vulnerability, as scripts that are owned
+ This is a potential security vulnerability, as scripts that are owned
by root will be run as root, even when they do not have the suid root bit.
--- haserl.old/debian/control 2011-07-16 21:14:32.783410052 +0200
+++ haserl/debian/control 2011-07-27 22:03:18.457592002 +0200
@@ -17,17 +17,16 @@
Depends: ${shlibs:Depends}, ${misc:Depends}
Recommends: lua5.1
Description: CGI scripting program for embedded environments
- Haserl is a small cgi wrapper that allows "PHP" style cgi programming, but
uses
- a UNIX bash-like shell or Lua as the programming language. It is very small,
so
- it can be used in embedded environments, or where something like PHP is too
- big.
+ Haserl is a CGI wrapper that allows PHP-style programming in Lua or a
+ POSIX-compliant shell. It is very small, so it can be used in embedded
+ environments, or where something like PHP is too big.
.
- It combines three features into a small cgi engine:
- * It parses POST and GET requests, placing form-elements as name=value
- pairs into the environment for the CGI script to use. This is somewhat
like
- the uncgi wrapper.
- * It opens a shell, and translates all text into printable statements. All
- text within <% ... %> constructs are passed verbatim to the shell. This is
- somewhat similar to how PHP scripts are parsed.
- * It can optionally be installed to drop its permissions to the owner of the
- script, giving it some of the security features of suexec or cgiwrapper.
+ It combines three features into a small CGI engine:
+ * It parses POST and GET requests, placing form-elements into the
+ environment as name=value pairs for the CGI script to use. This is
+ somewhat similar to the uncgi wrapper.
+ * It opens a shell, and translates all text into printable statements.
+ All text within <% ... %> constructs is passed verbatim to the shell.
+ This is somewhat similar to how PHP scripts are parsed.
+ * It can be set up to drop its permissions to the owner of the script,
+ giving it some of the security features of suexec or cgiwrapper.
