
Re: Web applications



On Thu, Aug 19, 2004 at 03:41:34PM +0200, Pierre Habouzit wrote:
> My English was horrible, wasn't it?
> 
> well, I'll try to make a list of what should be unified (I'll use a lot of 
> Sean's list, but not only)
> 

(6) SECURITY ASPECTS 
--------------------

A lot of applications (mainly PHP ones) out there have very bad archs,
they mix together site-related code and core code in the same tree
and often in the same files (sigh!). They require manual editing
of files to prevent local information loss during upgrades...
I thought of using ucf for that, but it's really an ugly solution.
Security upgrades in these conditions are painful. This is exactly the
reason I have not yet packaged applications like labe or xoops. Or
why applications like phpnuke suck.
We should define a minimal policy with which applications should be
compliant to be packaged in Debian. Having a nice multi-site packaged
app which can be a problem for sec-upgrading is not a great idea...

-- 
Francesco P. Lovergine


