On Mon, 12 Jun 2006, Marc Wilson wrote: > As usual, Debian's CUPS is broken by default.
As usual, *CUPS* is broken. Debian's own packaging can (and often does) make it worse, though. > *Whyinhell* the maintainer would ask a question regarding browsing, but not > actually *DO* anything to make it work, is beyond me. Bug. Single overworked maintainer + overly-complex piece of software. Maybe someone with a lot of free time and good knowledge on CUPS could step up to help him? > Note to maintainer: telling CUPS to advertise printers but setting up > cupsd.conf to only allow connections from localhost doesn't exactly work > too well. Certainly neither my several OS X machines nor my Windows XP > machine think much of that. File this as a bug, severity normal or important. > We won't even talk about why the web interface offers to let you edit > cupsd.conf (to fix things, no doubt), but the package seems to set the > permissions on that file to make it impossible. This is another bug. That part of the web interface should be clearly labelled as "disabled" when CUPS cannot write to its files. I don't think we should bother waiting for upstream on this one. It would be also nice to add a medium-priority debconf question about changing permissions to allow remote server-configuration admin through the web interface, while clearly warning people off the danger: The default would have to be "disabled", because it is a potential major security hazard. CUPS cannot be trusted to change its own running environment while running as root -- too complex, not audited at all, not well regression-tested. And I should add, I heard from CUPS upstream themselves that CUPS 1.2 is supposed to be secured using something external like SE-Linux, if one wants to add any "extra security" to it. This worried me a damn great deal, maybe for no good reason but still... Since this hazard is currently defanged anyway, it is either a severity minor or normal bug (it is not wishlist, as the interface is there but not working and without any warnings of that happening). Please file the bugs on the Debian BTS (using the reportbug tool), it will be far more effective than complaining on a debian-user thread which I wouldn't assume to be actively read by the maintainer (unlike, say, [EMAIL PROTECTED]). -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
