[Pkg-dspam-misc] Bug#553498: Bug#553498: dspam-webfrontend: dir-or-file-in-var-www /var/www/dspam/admin.cgi and 6 others
Julien Valroff
julien at kirya.net
Sat Oct 31 20:39:59 UTC 2009
Hi Manoj,
On Sat, 31 Oct 2009 14:10:33 -0500, Manoj Srivastava <srivasta at debian.org>
wrote:
> Package: dspam-webfrontend
> Version: 3.6.8-9.3
> Severity: serious
> User: lintian-maint at debian.org
> Usertags: dir-or-file-in-var-www
>
> Debian packages should not install files under /var/www. This is not
> one of the /var directories in the File Hierarchy Standard and is
> under the control of the local administrator. Packages should not
> assume that it is the document root for a web server; it is very
> common for users to change the default document root and packages
> should not assume that users will keep any particular setting.
>
> Packages that want to make files available via an installed web server
> should instead put instructions for the local administrator in a
> README.Debian file and ideally include configuration fragments for
> common web servers such as Apache.
>
> As an exception, packages are permitted to create the /var/www
> directory due to its past history as the default document root, but
> should at most copy over a default file in postinst for a new install.
>
> Refer to Filesystem Hierarchy Standard (The /var Hierarchy) for
> details.
>
> One solution that works is to put configuration files into
> /etc/<package_name>, put static content, if any, into
> /usr/{share,lib}/<package_name>, then create /var/lib/<package name>
> as home for the package, and symlink the files from /etc and /usr/
> into the /var/lib/<package_name>. Then create a simple set of
> configuration snippets for popular web servers (for example, files one
> may link into /etc/apache2/conf.d) and put them into
> /etc/<package_name>. This way user modifiable files stil live in /etc,
> and a simple operation can make the package go live.
>
> Filed as serious, since this is a violation of the FHS (which is part
> of policy), and also since a package with these files will currently
> get this package rejected. See
> http://lists.debian.org/debian-devel-announce/2009/10/msg00004.html
> for details. This means the package has been deemed too buggy to be in
> Debian.
As dspam-webfrontend relies on apache2-suexec, which sets the document
root
to /var/www/, I fear there is nothing we can do about this for now.
Furthermore, as per
http://www.debian.org/doc/debian-policy/ch-customized-programs.html#s-web-appl:
"If access to the web document root is unavoidable then use /var/www as
the Document Root."
I would hence think using /var/www for dspam-webfrontend is correct,
what do you think of it?
Cheers,
Julien
More information about the Pkg-dspam-misc
mailing list