Package: debian-policy
Severity: wishlist
Version: 3.5.6.0
First attempt at changing policy, so if you have a suggestion, feel
free.
--- policy.sgml Thu Oct 11 14:20:37 2001
+++ policy-cgi.sgml Thu Oct 11 14:31:26 2001
@@ -6471,11 +6471,20 @@
<enumlist>
<item>
<p>
- Cgi-bin executable files are installed in the
+Cgi-bin executable files
+ must be installed non-executable (e.g. mode 0644) by default.
+ The package may ask the user via debconf or similar means to enable the
+ applications, and do so if indicated. The answer may be stored for
future
+ use. The maintainer may opt to print a notification that the user should
+ manually enable the cgi files. The package should present a brief notice
+ of the security risks of cgi applications.
+
+Cgi-bin files are installed in the
directory
<example compact="compact">
/usr/lib/cgi-bin/<var>cgi-bin-name</var>
</example>
and should be referred to as
<example compact="compact">
http://localhost/cgi-bin/<var>cgi-bin-name</var>
--
Unix Staff, High Energy Physics Group <[EMAIL PROTECTED]>
Debian/GNU Linux! http://www.debian.org <[EMAIL PROTECTED]>
