On Sun, Oct 05, 2008 at 04:08:36PM +0000, Rodrigo Campos wrote: > On Sun, Oct 5, 2008 at 5:35 AM, Pierre Habouzit <[EMAIL PROTECTED]> wrote: > > On Sat, Oct 04, 2008 at 02:33:08AM +0000, Rodrigo Campos wrote: > >> Package: lighttpd > >> Version: 1.4.19-5 > >> Followup-For: Bug #499334 > >> > >> The fix allows CGI execution only from localhost. If you enabled cgi > >> module you > >> probably don't want it to work only from localhost. > >> > >> The Apache package also enables it for "anybody" > > > > which is a rather bad idea for many CGI scripts. plus it's a snipplet > > example that is meant to be modified. > > Why is a bad idea ? > > If you want to activate the cgi module, probably you want to activate > it so everybody can just see your gitweb/whatever. Why would you want > to activate it only for localhost ? Isn't this a very particular case > ?
Because every package with a cgi will drop a cgi in there, and you may not want them to be _all_ enabled this way. > Also, if that is an example to be modified, is kind of disturbing to > modify that file. If you modify it locally, and a new package changed > it, you will have to "merge" it on your own and that stuff. It's not > very nice to modify that file :) > > If that is the "default", I think it should comfortable for "the > majority", not just for particular usage cases. > > And if its just "to copy"/"know how to do that" perhaps in the > README.Debian or some of those documentation files would be more > appropriate ? Well, patches are always welcome. FWIW it's obvious to me that files that are not active by default and are dropped in the Debian package in /etc/lighttpd/conf-available are examples meant to be modified to suit your personal needs. -- ·O· Pierre Habouzit ··O [EMAIL PROTECTED] OOO http://www.madism.org
pgpOGiWsGGUFf.pgp
Description: PGP signature
