-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am 13.02.2012 14:55, schrieb Christian:
Hi Ludwig,
The latter is certainly wrong as the web server allows full access to those files by default then. IMO /srv/www/ is also the wrong location. Just put the files in /usr/share/NAME or /usr/lib/NAME like any other non-web application would do it. Ever thought /usr/share/NAME is for files "shared" to other apps, isn't it. For me a "webapp" should have its files in /srv/www/NAME.
Pear apps usually install themselves distributed over peardir, www_dir, bin_dir, data_dir etc whatever they are set to. If a php app includes cli parts, these should be where the distribution places "commands" (binaries to run from the shell). To me, /srv/ should be for user data (and apps that cannot be split into immutable parts and mutable parts are like mutable data)
Proper packages have their program code in a read only location and config files in /etc/. I don't understand why web stuff should be any different there even though sloppy programming seems to be more common in that area. agreed.
We have a policy to not enable daemons by default to avoid accidentally wide open systems. That's a good practice for any kind of service IMO. Unfortunately we lack infrastucture and tools to manage web apps properly. A tool like chkconfig that also understands virtualhosts etc would be nice, wouldn't it? :-) Yes, I agree partly. as an example postfix is installed by default, but should not be open to the world. OK But when I "definitly" install a webapp (webmailer) I want to have it "work" when I start apache. I like "ready-to-run" installations. ;)
I like them too. On local network. * But making an app run which requires a specific apache extension requires restarting (reloading?) apache and disturbing running operations. I do not want this triggered by rpm. * Some apps expose functionality which you don't want to over via web. Example: Horde comes with a system shell and a php shell for admins. The default config authenticates anyone as the administrator until another backend is configured. If you have a system with relaxed /home/ security this means anybody who can access your host can browse all user's data. I don't like that. Granted, most web apps don't provide such and it could be configured away. But still. - -- Ralf Lang Linux Consultant / Developer Tel.: +49-170-6381563 Mail: lang@b1-systems.de B1 Systems GmbH Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk85K9EACgkQCs1dsHJ/X7AD9wCgl0J6N5M68JSf0eV6xLHIVnnv 8DMAnAodH+KpmOJNsHx7Srm+WFq4wPNF =AGjo -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org