sean finney <sean...@debian.org> writes: > something that hasn't really been brought up (i mentioned it on the > non-webapps thread in -devel already) is that this makes packages > potentially opened in an unconfigured state. unless you can ensure that > the system is only running on localhost, it has some significant > security implications. personally i'd rather that /usr/lib/cgi-bin goes > the way of the dodo, and that packages are required to ship/generate > webserver config files if they want to function out of the box.
Wholeheartedly agreed, particularly if we can put a management system in place similar to the (really nice) Apache module management system that lets admins selectively enable specific applications, which installing everything into a default CGI-active directory doesn't permit as easily. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
