zarb-ml/mageia-dev/20110119/002227.html


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
 <HEAD>
   <TITLE> [Mageia-dev] Proofreading web applications policy
   </TITLE>
   <LINK REL="Index" HREF="index.html" >
   <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Proofreading%20web%20applications%20policy&In-Reply-To=%3C20110118233857.GD20740%40sisay.ephaone.org%3E">
   <META NAME="robots" CONTENT="index,nofollow">
   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
   <LINK REL="Previous"  HREF="002226.html">
   <LINK REL="Next"  HREF="002228.html">
 </HEAD>
 <BODY BGCOLOR="#ffffff">
   <H1>[Mageia-dev] Proofreading web applications policy</H1>
    <B>Michael scherer</B> 
    <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Proofreading%20web%20applications%20policy&In-Reply-To=%3C20110118233857.GD20740%40sisay.ephaone.org%3E"
       TITLE="[Mageia-dev] Proofreading web applications policy">misc at zarb.org
       </A><BR>
    <I>Wed Jan 19 00:38:57 CET 2011</I>
    <P><UL>
        <LI>Previous message: <A HREF="002226.html">[Mageia-dev] mailing list for new RPMs
</A></li>
        <LI>Next message: <A HREF="002228.html">[Mageia-dev] Python Packaging Policy
</A></li>
         <LI> <B>Messages sorted by:</B> 
              <a href="date.html#2227">[ date ]</a>
              <a href="thread.html#2227">[ thread ]</a>
              <a href="subject.html#2227">[ subject ]</a>
              <a href="author.html#2227">[ author ]</a>
         </LI>
       </UL>
    <HR>  
<!--beginarticle-->
<PRE>On Tue, Jan 18, 2011 at 07:07:00PM +0100, Remy CLOUARD wrote:
&gt;<i> Hello there,
</I>&gt;<i> 
</I>&gt;<i> I started to have a look at the webapps policy.
</I>&gt;<i> 
</I>&gt;<i> There&#8217;s something that has been bugging me for a while, that&#8217;s the
</I>&gt;<i> apache-centric way of thinking of this policy.
</I>&gt;<i> 
</I>&gt;<i> To me, there are valuable alternatives to apache that deserve to be
</I>&gt;<i> treated equally.
</I>&gt;<i> Here are the packages that provides webserver
</I>&gt;<i> 
</I>&gt;<i> apache-ssl|apache-mpm-event|apache-mpm-peruser|nginx|lighttpd|
</I>&gt;<i> cherokee|apache-mpm-itk|apache-mpm-worker|thttpd|apache-mpm-rsbac|
</I>&gt;<i> apache-mpm-prefork|boa
</I>&gt;<i> 
</I>&gt;<i> &#8220;These are the files that are susceptible to change during the
</I>&gt;<i> application's lifetime. They go in /var/lib/foo. If they are supposed to
</I>&gt;<i> be editable by the application directly from the web interface, they
</I>&gt;<i> should be owned by apache user and apache group.&#8221;
</I>&gt;<i> 
</I>&gt;<i> Could we create a generic group (webserver for instance) to allow
</I>&gt;<i> webapps to play nice with these webserver ?
</I>
Wouldn't it be a security problem to have different
daemon sharing the same uid ?

&gt;<i> Same goes for logfiles and config files containing sensitive
</I>&gt;<i> informations.
</I>&gt;<i> 
</I>&gt;<i> I would also be in favor of creating subpackages for webapps that
</I>&gt;<i> provides better integration with apache such as files in
</I>&gt;<i> /etc/httpd/conf/webapps.d/.
</I>
That would make life difficult for user, as they would have to answer questions
about things that the package manager would have to figure by 
itself.

( like deduce what configuration file would be used based on system information )

I think we should aim to reduce questions rather to ask more.
 
&gt;<i> That way, webapps should have a Requires on webserver, and the
</I>&gt;<i> subpackage should have one on apache.
</I>&gt;<i> 
</I>&gt;<i> Another issue is the owner of /var/www. This directory is owned by
</I>&gt;<i> apache-conf. Could we instead make a generic package called
</I>&gt;<i> webserver-data for instance that would provide it ? This way each
</I>&gt;<i> package providing webserver would have to require webserver-data.
</I>
Put it in filesystem rpm then. And technically, shouldn't
we follow lsb and use /srv ? 

&gt;<i> Finally, that may be a little cosmetic detail, but I would prefer
</I>&gt;<i> template files for apache to be in a separate file in SOURCES/ that&#8217;s
</I>&gt;<i> included instead of creating it in the spec like:
</I>&gt;<i> cat &gt; %{buildroot}%{_webappconfdir}/%{name}.conf &lt;&lt;EOF
</I>
Well, why ?
Inline  configfile can use macros, that's usually a way to be sure
that /var/ww/%{name} is properly set 
-- 
Michaeli Scherer
</PRE>


<!--endarticle-->
    <HR>
    <P><UL>
        <!--threads-->
	<LI>Previous message: <A HREF="002226.html">[Mageia-dev] mailing list for new RPMs
</A></li>
	<LI>Next message: <A HREF="002228.html">[Mageia-dev] Python Packaging Policy
</A></li>
         <LI> <B>Messages sorted by:</B> 
              <a href="date.html#2227">[ date ]</a>
              <a href="thread.html#2227">[ thread ]</a>
              <a href="subject.html#2227">[ subject ]</a>
              <a href="author.html#2227">[ author ]</a>
         </LI>
       </UL>

<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
mailing list</a><br>
</body></html>