[php-maint] Bug#674089: Bug#674089: mime-support: removed application/x-httpd-* can lead to immense security problems

[Christoph Anton Mitterer]

On Wed, 2012-08-15 at 10:40 +0200, Ondřej Surý wrote:
> With the exception of RemoteType php they are all in the place.
I've just had a look into git (I guess that's the canonical location?):
http://anonscm.debian.org/gitweb/?p=pkg-php/php.git;a=blob_plain;f=debian/php5-common.README.Debian;hb=HEAD
and
http://anonscm.debian.org/gitweb/?p=pkg-php/php.git;a=blob_plain;f=debian/libapache2-mod-php5.conf;hb=HEAD

Even, if you don't want to add RemoveType to secure things more,... the
optimisations with respect to patterns and FilesMatch I've proposed
before and after you closed the other bug seem to miss completely.
Just in case this is by accident....


>  Please be aware that mime-types package dropped non-standard
cosmetic: a "the" is missing before mime-types

>  The package mime-types has dropped the following non-standard
>  definitions:
Seems to double the information from above a bit... I don't mind,.. just
you want to make it shorter :)


>  the a PHP Internet Media Type (commonly known as MIME type).  They
Typo: I guess that's from me ;-) ... the "a" is too much.



>  In order to avoid any problems when not using Apache PHP5 module
I don't like this negative advertising against the other SAPIs... :(


>  the php5-common package on how to correctly configure PHP 5 running
purely cosmetic: sometimes you/we write PHP5 sometimes PHP 5.


>  Server) and take care, that and PHP files intended to be interpreted
Typo: (also from me I guess?) the "and" seems to be too much, or
something is missing




Cheers,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5450 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20120815/fdcfdad3/attachment-0001.bin>