Mailinglist Archive: opensuse-packaging (232 mails)
Re: [opensuse-packaging] PHP application packaging
- From: Ludwig Nussel <ludwig.nussel@xxxxxxx>
- Date: Tue, 14 Feb 2012 10:44:47 +0100
- Message-id: <4F3A2D0F.5020207@suse.de>
Christian Boltz wrote:
[...]
> - webapps that allow to update themselves online (like wordpress - and
> no, I won't be surprised if I see a *shudder* from Ludwig because this
> requires write permissions for wwwrun on the whole webapp)
Yeah, I always need to have a sick bag handy when thinking about web
apps ;-) As Ralph already wrote, the update mechanism for an rpm
package is installing an updated rpm package. If you don't like that
then don't install the app as rpm in the first place. We don't let
e.g. Firefox update itself per user either.
> Things aren't as easy as you'd like them to be ;-) and you'll probably
> end up with lots of symlinks (depending on which webapp you package of
> course).
I guess some webapps are better and some are worse, depending on who
wrote it and for what purpose. I'm sure a well designed application
would work both in the shared hosting scenario as well as in the
system package mode with least privilege thinking and separation of
data and configuration.
It's just the same as with 'native' programs. Fortunately DOS style
programs that want world writeable /opt/something directories
or only work in $HOME are almost extinct.
> If you want real-world examples which parts/directories need to be
> writeable, I can look up the details in my apache AppArmor profile for
> (at least) Joomla, Typo3, S9Y and Mediawiki.
I'm not sure what the number of hits in the CVE database for those
candidates tells us about them :-)
cu
Ludwig
--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB
16746 (AG Nürnberg)