The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: WebStandard 3.0 Proposal



The issues with WN are (from memory I am not the current maintainer!)

1. The inability to run cgi-bin binares from a directory named
   /cgi-bin/directory/script-name.

Solved by the 3.0 Proposal since scripts are in standard
cgi-bin/script-name locations. No need anymore for your special c-program
that you were intending to write.

2. The need to put an index file into all directories from which webpages
   are to be served and thus in /usr/doc/packagename.

This means that WN needs to generate new "index" files in read-only space
ONCE after a package is installed. There is no need for constant
read-write access. 

I think this can be solved for now by having a script included in the
WN package to be run manually to update/generate those indexes. Since
/usr/doc must be writable at package installation anyways that script
could be run after packages have been installed to generate the needed
files.

Note that this is an issue only specific to one webserver. All other
webservers (boa,ncsa,apache,cern) do not need anything like it.

My UPM concept includes the idea of "triggers". I.e. an application when
installed can tell the package manager to run a certain script if files
are later installed in certain hierachies. If we could put that idea into
dpkg then WN's update script could automatically be run if files are
installed into /usr/doc by the package manager.

On Sun, 19 Jan 1997, Bruce Perens wrote:

bruce >Can you _please_ deal with the WN issue? I'll go with your proposal
bruce >if you can just fix the problem with it wanting to have its files in-band
bruce >with this supposedly ROM data.
There is no "fix" of not having index files in those directories. That is
inherent in the security concept of WN.

bruce >Is there anything that deals with .html.gz files yet? I am willing
bruce >to live with it being uncompressed for now, but handling compressed
bruce >pages _transparently_ is certainly a desirable feature. A CGI script
bruce >could do it under some servers I know, perhaps not WN..

It is better to keep .html uncompressed. It will probably difficult when
porting a webserver to add that on-the-fly decompression and I really
would like Debian to have all major webservers available.
Also on-the-fly decompression is a severe strain on cpu-resources on a
busy webserver because the uncompression has to be run for EACH and EVERY
webpage access! My webserver champion right now is "boa" which is a
specially speed/resource optimized webserver and on-the-fly decompression
is incompatible with the goals of the design.

Incidentally: I would suggest getting rid of all compression requirements
in the policy and make it instead into a local policy of the sysadmin.
There are many issues where problems can arise with files having wrong
filenames etc etc. Perhaps the configuration manager you are envisioning
can make compression configurable?

Those triggers in the UPM concept would make it possible to automatically
compress/fix certain hierachies if desired by the sysadmin. The files will
be installed and then the trigger scripts will compress all files in those
hierachies.

bruce >> 
bruce >> 1. Packages install cgi-bin scripts / executables as
bruce >> 
bruce >> /usr/lib/cgi-bin/x
bruce >> 
bruce >> which the webserver makes accessible via URL http://localhost/cgi-bin/x
bruce >> by whatever means available.
bruce >> 
bruce >> The webserver / sysadmin does not need to have the cgi-bin pointed
bruce >> to that location but might instead choose arbitrary methods to
bruce >> increase security accessing those executable scripts.
bruce >> 
bruce >> 2. Package documentation is installed in /usr/doc/package/somename.html
bruce >> as per our policies and is accessible as
bruce >> 
bruce >> http://localhost/doc/package/somename.html
bruce >> 
bruce >> Again it is irrelevant how the webserver makes these files accessible.
bruce >> In the simplest case this could be done with a symlink or a alias in the
bruce >> webserver configuration file.
bruce >> 
bruce >> By the way please change the policy to allow uncompressed .html code
bruce >> in /usr/doc/package/*.html.
bruce >--
bruce >Bruce Perens K6BP   Bruce@Pixar.com   510-215-3502
bruce >Finger bruce@master.Debian.org for PGP public key.
bruce >PGP fingerprint = 88 6A 15 D0 65 D4 A3 A6  1F 89 6A 76 95 24 87 B3 
bruce >

--- +++ --- +++ --- +++ --- +++ --- +++ --- +++ --- +++ ---
Please always CC me when replying to posts on mailing lists.


--
Please respect the confidentiality of material on the debian-private list.
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com