[pkg-php-pear] (Not) shipping tests in binary packages (was: Bug#714173: ITP: php-symfony-process -- Symfony PHP Framework - Process component)
taffit at debian.org
Tue Jul 2 21:08:15 UTC 2013
On 02/07/2013 15:47, Mathieu Parent wrote:
> 2013/7/2 David Prévot <taffit at debian.org>:
> I still consider having tests as part of packaging a good practice,
> but it should be done in a different path and this path should not be
> available from the web server (i.e., not in an Apache <Directory>).
Even then, there is still a risk of a misconfigured web server (that can
also happen to be a default value).
>> (There is more than one such example in the wild).
> Do you have some pointers?
Not right now, sorry, but I doubt many other packages (I mean, in other
programming languages) usually ship tests: they’re a nice feature if
they can be used at build time, but if someone wants to run them
afterwards, they’re just an “apt-get source” away. Introducing (or even
keeping) potential risk vectors that are not mandatory at runtime
doesn’t seem like a good idea at all: they end up in production servers…