[php-maint] Bug#447764: Bug#447764: Bug#447764: libapache2-mod-php5: updated debdiff

Steve Langasek vorlon at debian.org
Tue Jan 8 09:29:29 UTC 2008

On Mon, Jan 07, 2008 at 11:14:39AM +0100, sean finney wrote:
> hey folks,

> On Monday 07 January 2008 10:39:01 am Steve Langasek wrote:
> > Overall, I think this is a reasonable thing to add to the package.  Sean,
> > are you ok with it?

> i'm surprised i didn't comment on this.. must have lost my draft or something.  
> anyway, i think the idea in theory is nice, i haven't actaully checked the 
> contents of the page itself.  however:

> - i don't think we should be dropping files in /var/www.  we could accomplish 
> the same with an alias/scriptalias in a config file.

Hmm, 54 packages in lenny still disagree with you. :)  I'll admit I wasn't
happy with the idea of putting it in /var/www, but AFAIK if there's a new
"best practice" that should supersede this, it isn't published very widely?

> - i'm not sure if this is something we want enabled or at least globally 
> accessible by default.  maybe a small wrapper script to enable/disable, or it 
> could be plugged into an existing  framework (will a2enmod work for stuff 
> that's only .conf and not .load files maybe?).

Well, I think it misses the target audience if it's not enabled by default.
I'm guessing you're concerned about this being a security problem by virtue
of being an information leak?  It seems to me that the only information
being leaked is whether there's a mysql server or a postgresql server
available on the local machine.  If someone is in a position to exploit this
fact, presumably they don't need the PHP test page to tell them it's there?

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org

More information about the pkg-php-maint mailing list