[Pkg-dspam-misc] Bug#553498: dspam-webfrontend: dir-or-file-in-var-www /var/www/dspam/admin.cgi and 6 others

Manoj Srivastava srivasta at debian.org
Sat Oct 31 19:10:33 UTC 2009


Package: dspam-webfrontend
Version: 3.6.8-9.3
Severity: serious
User: lintian-maint at debian.org
Usertags: dir-or-file-in-var-www

Debian packages should not install files under /var/www. This is not
one of the /var directories in the File Hierarchy Standard and is
under the control of the local administrator. Packages should not
assume that it is the document root for a web server; it is very
common for users to change the default document root and packages
should not assume that users will keep any particular setting. 

Packages that want to make files available via an installed web server
should instead put instructions for the local administrator in a
README.Debian file and ideally include configuration fragments for
common web servers such as Apache.

As an exception, packages are permitted to create the /var/www
directory due to its past history as the default document root, but
should at most copy over a default file in postinst for a new install.

Refer to Filesystem Hierarchy Standard (The /var Hierarchy) for
details.

One solution that works is to put configuration files into
/etc/<package_name>, put static content, if any, into
/usr/{share,lib}/<package_name>, then create /var/lib/<package name>
as home for the package, and symlink the files from /etc and /usr/
into the /var/lib/<package_name>. Then create a simple set of
configuration snippets for popular web servers (for example, files one
may link into /etc/apache2/conf.d) and put them into
/etc/<package_name>. This way user modifiable files stil live in /etc,
and a simple operation can make the package go live.

Filed as serious, since this is a violation of the FHS (which is part
of policy), and also since a package with these files will currently
get this package rejected. See
  http://lists.debian.org/debian-devel-announce/2009/10/msg00004.html
for details. This means the package has been deemed too buggy to be in
Debian.

manoj


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'oldstable'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.31.4-anzu-2 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages dspam-webfrontend depends on:
pn  dspam                         <none>     (no description available)
ii  libgd-gd2-perl                1:2.39-2   Perl module wrapper for libgd - gd
ii  libgd-graph3d-perl            0.63-5     Create 3D Graphs with GD and GD::G

dspam-webfrontend recommends no packages.

Versions of packages dspam-webfrontend suggests:
pn  apache2-suexec                <none>     (no description available)
ii  libapache2-mod-auth-openid    0.3-2      OpenID authentication module for A
ii  libapache2-mod-auth-pam       1.1.1-8    module for Apache2 which authentic
ii  libapache2-mod-auth-pgsql     2.0.3-5    Module for Apache2 which provides 
ii  libapache2-mod-auth-plain     2.0.50     Module for Apache2 which provides 
ii  libapache2-mod-auth-sys-group 1.1.1-8    Module for Apache2 which checks us
ii  libapache2-mod-perl2          2.0.4-5    Integration of perl with the Apach





More information about the Pkg-dspam-misc mailing list