On Mon Oct 06, 2003 at 07:48:29PM +0200, Guillaume Rousse wrote: > > Oden.. nice to see, but you didn't install it in a good way. > > > > You have include/ exposed, which would have been fine for 0.2.3 or earlier, > > but the layout should really be something like: > > > > /var/www/anthill > > > > rather than /var/www/html/anthill. Then you just expose > > /var/www/anthill/html (ie. via an Alias or a symlink), but you keep > > include/, etc/, etc. unexposed and entirely unreachable for maximum > > security. > There have been some discussion previously about this, see > http://qa.mandrakesoft.com/twiki/bin/view/Main/PackagingTask#Web_applications > for kind of synthesis. > > The point was to use /var/www/html/%{name} for every application, and to use > FHS compliant location for non-web files. If you have a configuration > directory for anthill, it seems for me more logical to use /etc/anthill for > it than /var/www/anthill/etc, for instance. The same could be said for > include, that should rather go into /usr/share/anthill. > > > I can fix this a little later on if you like (or you can). I'm not on the > > cooker list anymore so you'll have to cc me. > I'd prefer to restart this discussion on web applications policy first...
Ack... this is why I don't think web apps should be rpm packaged.
Can you make it even more convoluted and hard for people to use?
Wouldn't it make more sense to have something like:
/var/www/packages/%{name}
that you install everything into and then add a <Directory></Directory>
clause to httpd.conf or some other include file so we can alias, for example
/geeklog/ /var/www/html/packages/geeklog/public_html/
or
/anthill/ /var/www/html/packages/anthill/html/
so we don't screw around with the "normal" way of doing things?
You start throwing anthill/include into /usr/share/anthill and anthill/etc
into /etc/anthill and you're going to be messing up all kinds of people
unless you plan on rewriting the docs. This goes for every web app, not
just anthill.
Anways anthill/etc is not a configuration directory.. it has upgrade files,
etc. The configuration is in anthill/include. So you propose to put
anthill/include into /etc/anthill and anthill/etc into /usr/share/anthill?
If you do stuff like that, authors and people on mailing lists will start
people to avoid "Mandrake packaged web apps" like the plague... you've just
made support 3x as difficult because the authors aren't going to know where
stuff goes.
You'll also likely screw up stuff like include("../somefile"); directives
and the like.
--
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
pgp00000.pgp
Description: PGP signature
