[pkg-php-pear] (Not) shipping tests in binary packages
Mathieu Parent
math.parent at gmail.com
Thu Jul 11 13:55:09 UTC 2013
2013/7/9 Thomas Goirand <zigo at debian.org>:
> On 07/03/2013 05:08 AM, David Prévot wrote:
>> Hi,
>>
>> Le 02/07/2013 15:47, Mathieu Parent a écrit :
>>> 2013/7/2 David Prévot <taffit at debian.org>:
>>
>>> I still consider having tests as part of packaging a good practice,
>>> but it should be done in a different path and this path should not be
>>> available from the web server (i.e, not in a Apache <DIrectory>).
>>
>> Even then, there is still a risk of a misconfigured web server (that can
>> also happen to be a default value).
>>
>> http://www.debian.org/security/2012/dsa-2452
>
> Come on, that one is *not* an argument... :)
>
> I do think that tests are very valuable for our users. They, by
> definition, include good examples on how to use a lib.
>
>> Introducing (or even
>> keeping) potential risk vectors that are not mandatory at runtime
>> doesn’t seems like a good idea at all: they end up in production servers…
>
> IMO, they should just be shipped in /usr/share/doc, and that's it.
> Probably that's a very good idea to fix pkg-php-tools to do that, and
> probably to *not* do a symlink in /usr/share/php.
I prefer to move them to /usr/share/phptest or something than
/usr/share/doc as they are not docs and are useless when compressed
(by dh_compress).
(but still I prefer not to move them, to avoid breakage)
Regards
--
Mathieu Parent
More information about the pkg-php-pear
mailing list