Logged In: YES
user_id=75166
There are two issues:
1. Having Mailman's CGI scripts defend themselves against
inappropriate application of WebDAV methods is good and would
probably be required for RFC compliance if CGI had an RFC. The
fact the fix only requires change to a single driver script
to defend multiple functional scripts is a tribute to the
original design.
2. Inappropriate configuration of Apache servers with respect
to WebDAV is wrong.
a. Many if not most legacy CGI scripts will not have been
programmed to defend themselves against WebDAV methods.
Fixing them on an existing system is time consuming and
error prone. Fixing Apache config is easier and more
reliable.
b. Mailman's pipermail archives and much other served
resource should also not be subject to WebDAV methods.
Only getting the Apache config right can deal with this.
Fixing CGI scripts is good. Getting the Apache configuration
correct is more important.
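
The following is an added example, not part of the original comment and not Mailman's own code: a sketch of the single-driver approach from point 1, where one method check in the driver protects every functional script behind it. The handler mapping, the `run_cgi` and `listinfo` names, the allowed-method list and the sample requests are all assumptions made for illustration.

```python
import io

# Assumption: the functional scripts only ever need these methods.
ALLOWED_METHODS = ("GET", "HEAD", "POST")

def run_cgi(environ, handlers, out):
    """Driver: vet REQUEST_METHOD once, then dispatch to a functional script.

    `handlers` maps a script name to a callable(environ, out); both the
    mapping and the handler signature are hypothetical.
    Returns the HTTP status code written to `out`.
    """
    method = environ.get("REQUEST_METHOD", "")
    # Exact, case-sensitive match: HTTP method tokens are case-sensitive,
    # so "get" or "PROPFIND" never reaches a handler.
    if method not in ALLOWED_METHODS:
        out.write("Status: 405 Method Not Allowed\r\n")
        out.write("Allow: " + ", ".join(ALLOWED_METHODS) + "\r\n")
        out.write("Content-Type: text/plain\r\n\r\n")
        out.write("Method not allowed.\r\n")
        return 405
    script = environ.get("SCRIPT_NAME", "").rsplit("/", 1)[-1]
    handler = handlers.get(script)
    if handler is None:
        out.write("Status: 404 Not Found\r\nContent-Type: text/plain\r\n\r\n")
        out.write("No such script.\r\n")
        return 404
    handler(environ, out)
    return 200

def listinfo(environ, out):
    # Stand-in for a functional script with no method checks of its own.
    out.write("Content-Type: text/plain\r\n\r\nlist overview\r\n")

def demo():
    """Run constructed requests through the driver; return {method: status}."""
    results = {}
    for method in ("GET", "POST", "PROPFIND", "PUT", "DELETE", "get", ""):
        env = {"REQUEST_METHOD": method, "SCRIPT_NAME": "/mailman/listinfo"}
        results[method] = run_cgi(env, {"listinfo": listinfo}, io.StringIO())
    return results

if __name__ == "__main__":
    for m, status in demo().items():
        print(repr(m), status)
```

A check like this covers only requests that reach the driver; the statically served pipermail archives from point 2b never pass through it.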