[pkg-php-pear] (Not) shipping tests in binary packages

Thomas Goirand zigo at debian.org
Tue Jul 9 16:15:07 UTC 2013

On 07/03/2013 05:08 AM, David Prévot wrote:
> Hi,
> Le 02/07/2013 15:47, Mathieu Parent a écrit :
>> 2013/7/2 David Prévot <taffit at debian.org>:
>> I still consider having tests as part of packaging a good practice,
>> but it should be done in a different path and this path should not be
>> available from the web server (i.e, not in a Apache <DIrectory>).
> Even then, there is still a risk of a misconfigured web server (that can
> also happen to be a default value).
> 	http://www.debian.org/security/2012/dsa-2452

Come on, that one is *not* an argument... :)

I do think that tests are very valuable for our users. They, by
definition, include good examples on how to use a lib.

> Introducing (or even
> keeping) potential risk vectors that are not mandatory at runtime
> doesn’t seems like a good idea at all: they end up in production servers…

IMO, they should just be shipped in /usr/share/doc, and that's it.
Probably that's a very good idea to fix pkg-php-tools to do that, and
probably to *not* do a symlink in /usr/share/php.


More information about the pkg-php-pear mailing list