Re: Scripts with PHP shebang & mbedtls (wip/hiawatha)

[Greg Troxel <gdt%lexort.com@localhost>]

Kevin Bloom <ktnb%posteo.net@localhost> writes:

> "Hauke Fath (SPG)" <hf%spg.tu-darmstadt.de@localhost> wrote:
>
>> [Accidentally sent to Greg, only]
>> 
>> On 2024-03-25 18:59, Greg Troxel wrote:
>> > Kevin Bloom <ktnb%posteo.net@localhost> writes:
>> > 
>> >> There is another question to be answered that is kind-of related:
>> >> hiawatha monitor. This is an optional compile flag for hiawatha but to
>> >> get the "full feature" you're supposed to install the Hiawatha Monitor
>> >> site, which is a seperate tarball and requires php5 and mysql. So,
>> >> this package would require that you had the hiawatha PKG_OPTION for
>> >> the monitor set. How would we handle this situation?
>> > 
>> > Figure out how much it hurts to have the option set, and why it's even
>> > an option.
>> 
>> According to <https://www.hiawatha-webserver.org/howto/monitor>, the 
>> 'monitor' build option enables acl-protected access from the monitoring 
>> server (separate software) to Hiawatha's server logs.
>> 
>> If you don't use it, you don't want the access enabled.

Well, if the config file doesn't turn on any acls, the risk tradeoff is
unclear.  if it's scary, that's an upstream bug.

> Right, should we explain this in the options.mk? So others know the risks?

Very tersely, but more explaining to other pkgsrc workers why it is not
default on.  Upstream should document things, and users should read
upstream docs.