Alexis Sukrieh wrote: > As you might have noticed, the last policy version (3.7.0) says that > web application packages must not put CGIs under `/usr/lib/cgi-bin' > anymore: > > Quoting lintian: > > This is done to avoid conflicts with the cgi-bin script alias, > which is reserved for the local use of webmasters. > > CGIs must be put under /usr/lib/cgi-lib now.
As I posted to -policy, this seems to have been mis-handled: A few bug reports were filed on some web servers back in 2003 to make them support /usr/lib/cgi-lib. Even fewer web servers were so updated. All of those later reverted the patch or were removed from Debian. Three years later, the amendment was put into policy for no apparent reason (ie, why accept it in 2006, instead of 2005, 2004, or 2003?). I'm aware of no web servers or packages in debian that support or use /usr/lib/cgi-lib now. > I won't discuss here the goodwill of this change, I just want to > point out that by now, 110 packages are RC bug candidates because of > this [2] (422 files installed inder `/usr/lib/cgi-bin'). Policy uses a "should" for this, so at most these would be regular severity bugs, not RC bugs. Also, your list is incomplete since it doesn't include web servers needing to implement support for the directory first, which policy or no policy, is a prerequisite for any package to use this directory. Packages changed to /usr/lib/cgi-lib before web servers support it could be considered RC buggy, since they'll no longer *work*. The original transition plan for this was broadly, to fix all the web servers to support /usr/lib/cgi-lib while still supporting /usr/lib/cgi-bin, then to move the cgi programs, and then presumably to let the admin do whatever they like with /cgi-bin/ after that. -- see shy jo
signature.asc
Description: Digital signature
