httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Richards <p.richa...@elsevier.co.uk>
Subject Re: removal of cgi-bin and cgi-src
Date Tue, 23 Apr 1996 09:36:13 GMT
In reply to Randy Terbush who said
> 
> > 
> > Folks, we have a problem.  We do not consider the code we distribute in 
> > the cgi-src and cgi-bin directories as supported Apache code.  This has 
> > not been a conscious decision, but more a reflection of the fact that 
> > very few of us actually use it or care about it.  Yet, it is being 
> > bundled with our software, and when there is a security warning or 
> > problem with the software, the chinese wall inside our heads is not 
> > relevant.  So, I propose that we remove the cgi-bin and cgi-src 
> > directories - optionally, we can add a text file pointing to the more 
> > common CGI resources out there.  There are only three files we have added 
> > to the cgi-src directory - animate.c (a server-push CGI script), count.c 
> > (a server-side counter) and random.c (a random-URL generator).  Those 
> > could either be packaged separately or pointed at elsewhere.  
> > 
> > Other opinions?
> > 
> > 	Brian
> 
> All of this stuff is of questionable importance to the server project.
> Certainly not important enough to get drug through the mud over.
> I would vote to axe it and blame it's absence on the lawyers of the
> world...


We should probably just ditch it. No matter how we much we emphasise it's
unsupported if someone installs something insecure and we're distributing
it then the mud will hit us from any security alerts.

Let's not ship anything we don't maintain.


-- 
  Paul Richards. Originative Solutions Ltd.  (Netcraft Ltd. contractor)
  Elsevier Science TIS online journal project.
  Email: p.richards@elsevier.co.uk
  Phone: 0370 462071 (Mobile), +44 (0)1865 843155

Mime
View raw message