Stefano Zacchiroli wrote:
[ adding -policy to Cc: ] On Wed, Nov 04, 2009 at 04:08:02PM +0100, Holger Levsen wrote:Uhm, why postpone this so long? I'd hope we could find a consensus quite soon. Then, we might not be able to fix _all_ web apps until squeeze, but at least tthose few with dir-or-file-in-var-www :-)I see it a tad more complicate than you, let's hope its me overestimating the task :-) - the agreement actually should not come among web app maintainers, but rather among web *server* maintainers: they should agree over a specific dir and change the default configuration of the web server so that that dir is the document root (for the default vhost, for web servers supporting vhosts) * possibly, migrating to that would require offering migration paths to package users - then you might start migrating web apps packages so that they install (static) stuff under that dir, preserving the per-package path as detailed in the webapps-common policy - then, the rule should go into policy (possibly under §9.1.1, has an exception to FHS, not sure about the section though) and that can't happen before due to the usual practice-should-predate-policy
Personally I would like to have a competently different approach: - web server ask where to put the root (probably proposing default a /srv/www location). But not further assumption about the location. Admins, per FHS, could choose other paths. This could be done by a new update-http-root application. (and ev. could handle multiple vhost). And possibly allowing no public location (thus forcing local only connections): we tend to forget about this, but IMHO more and more desktop computers are installed with webserver because of local convenience. Thus we really need to securely support this common cases. - No webapp are installed "live" by default: We have too much crap web application, and some/most of our users don't realize that they are installing a public accessible crap. [the desktop users] Thus IMHO we need a "update-webappl" utility, which would list, ask and ev. install the just installed webapplication. This is not so far as the installation of apache modules, which ask for which apache (apache/apache2/apache2-ssl/...) to enable modules. We just list the possible web root. Naturally admins can skip this point (e.g. not allowing debian to handle webappl, but doing manually). Probably a webserver-specific support script will handle the generation of symlink (default) or via configuration (webserver specific) of the /usr/lib/cgi or /usr/share/* dir. In short: - no hardcoded default root location (only a default value for a real user question) - not installing by default (without asking) web apps. ciao cate PS: first mail in debian-policy, so maybe I missed the point of the discussion (which take place in the other mailing lists)