On Sat, 2012-08-04 at 12:44 +0900, Charles Plessy wrote: > do I understand correctly that the problem would be solved by documenting the > change in the release notes ? Well as said, I do _NOT_ consider this to be enough (see my previous mail for my proposed steps).
> If yes, can somebody write a draft and reassign this bug to the release-notes > packages ? What about: ------------------------------------------------------- mime-types package dropped non-standard definitions for PHP that might affect any systems using PHP --- The package mime-types has dropped the following non-standard definitions: application/x-httpd-php phtml pht php application/x-httpd-php-source phps application/x-httpd-php3 php3 application/x-httpd-php3-preprocessed php3p application/x-httpd-php4 php4 application/x-httpd-php5 php5 Systems, especially webservers (including but possibly not limited to the Apache HTTPD Server) may have used this to mark files as having the a PHP Internet Media Type (commonly known as MIME type). They may have used it further, to determine that such files are to be interpreted by PHP rather than served as normal files. If a webserver would not consider these files to be interpreted anymore this would have at least the following effects: - PHP web programs/sites no longer work - PHP files are directly exposed, which may be a security problem In order to avoid any problems, read the README.Debian from the php5-common package on how to correctly configure PHP (examples are provided for the Apache HTTPD Server) and take care, that and PHP files intended to be interpreted are recognised as such (typically by adding MIME-Type or handler definitions in the webserver configuration). More information can be found in bug #674089 and partially in #674205. ------------------------------------------------------- As you can see, I personally would put the burden of explaining how to (securely) configure PHP to the PHP packages... I have some discussions about that with Ondřej in #674205 ... I'm not yet fully happy with it (see there)... and although he closed the bug and said he'd have applied some of my proposals, I could not yet find these changes there. I haven't yet reassigned the bug, as I think my other steps of what I think should be done will get finally lost then. Cheers, Chris.
smime.p7s
Description: S/MIME cryptographic signature
