Le Sun, Jul 21, 2013 at 10:09:48PM -0700, Jonathan Nieder a écrit :
>
> > On my side, I think that the current practice is not to serve /doc by
> > default,
> > and I therefore second the proposition of Thomas to remove point 2 of
> > chapter
> > 11.5.
> >
> > Are there other seconds or objectio
Charles Plessy wrote:
> On my side, I think that the current practice is not to serve /doc by default,
> and I therefore second the proposition of Thomas to remove point 2 of chapter
> 11.5.
>
> Are there other seconds or objections ?
Seconded.
Thanks,
Jonathan
--
To UNSUBSCRIBE, email to deb
Processing commands for cont...@bugs.debian.org:
> tag 715804 patch
Bug #715804 [debian-policy] Debian policy for web apps still references /doc as
accessible
Added tag(s) patch.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
715804: http://bugs.debian.org/cgi-b
tag 715804 patch
thanks
Le Thu, Jul 11, 2013 at 08:06:33AM +0900, Charles Plessy a écrit :
> Le Thu, Jul 11, 2013 at 01:24:45AM +0800, Thomas Goirand a écrit :
> >
> > The Debian policy for web apps still references /doc as accessible
> > through the web (see point 3 of chapter 11.5), though it h
Hello,
I am contacting you because you are listed as maintainer of a package
that provides the httpd virtual package. (grep-aptavail -F Provides httpd)
The Debian Policy currently specifies that /usr/share/doc/“package” is served
on localhost by web servers. This has been discontinued with apach
On 07/11/2013 03:19 PM, Russ Allbery wrote:
> Thomas Goirand writes:
>
>> I agree with the removal, though I would also add a quick note saying
>> that we *used* to have access to /doc with web servers on localhost, but
>> it was removed, with a link to
>> http://www.debian.org/security/2012/dsa-
Thomas Goirand writes:
> I agree with the removal, though I would also add a quick note saying
> that we *used* to have access to /doc with web servers on localhost, but
> it was removed, with a link to
> http://www.debian.org/security/2012/dsa-2452. Something like:
I don't think that's a good i
On 07/11/2013 07:06 AM, Charles Plessy wrote:
> user debian-pol...@packages.debian.org
> usertags 715804 normative discussion
> thanks
>
> Le Thu, Jul 11, 2013 at 01:24:45AM +0800, Thomas Goirand a écrit :
>> Package: debian-policy
>> Severity: important
>>
>> The Debian policy for web apps still
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
Le 10/07/2013 19:06, Charles Plessy a écrit :
> I note that /doc was only to be served locally. How did that cause security
> issues ?
- if some front-end server on the same host forwards connections to
an apache2 backend server on the
user debian-pol...@packages.debian.org
usertags 715804 normative discussion
thanks
Le Thu, Jul 11, 2013 at 01:24:45AM +0800, Thomas Goirand a écrit :
> Package: debian-policy
> Severity: important
>
> The Debian policy for web apps still references /doc as accessible
> through the web (see point
Package: debian-policy
Severity: important
The Debian policy for web apps still references /doc as accessible
through the web (see point 3 of chapter 11.5), though it has been removed
for security reasons. The policy should be updated.
Thomas Goirand (zigo)
--
To UNSUBSCRIBE, email to debian-p
11 matches
Mail list logo
