On Wednesday 06 May 2015 11:47 PM, Justin B Rye wrote: > Pirate Praveen wrote: >> Justin B Rye wrote: >>> This package uses the rubygems packaging system to download Diaspora >>> and its dependencies, then configures it with PostgreSQL and Nginx. >> >> rubygems is used only for dependencies, diaspora is downloaded using >> wget. How about >> >> This package uses wget to download diaspora and uses the rubygems >> packaging system to download its dependencies, then configures it with >> PostgreSQL and Nginx. > > I think we're getting bogged down in technical details. The > important thing is that it isn't sticking to the Debian packaging > system, or even using the Debian build-dependency system to create a > diaspora .deb - instead it downloads and unpacks the upstream > tarball, and invokes > > sudo -u diaspora -E bundle install --path vendor/bundle > > which fetches a bunch of rubygems off the net and stashes them under > /usr/share/diaspora or somewhere. On the other hand it uses orthodox > Debian mechanisms to provide a database and web server. > > (Among the questions this raises is: why sudo? Using it costs you an > extra "Pre-Depends: sudo", but all you need there is su!) if disabled-login option is used su can't run commands as that user but sudo can. > So maybe something like: > > This installer package downloads diaspora (also pulling in runtime > dependencies as rubygems) and configures it to use PostgreSQL and > Nginx. updated. > (Or should that be "as rubygems bundles"/"as a rubygems bundle"?) above is fine. > [...] >> I have made further changes to make SSL configuration optional, see the >> new templates. >> >> I have also created a diaspora-gems-compat. See its control file attached. > [...] > >> Template: diaspora-common/ssl >> Type: boolean >> Default: true >> _Description: Enable https? >> If you enable https, you require at least a self-signed SSL certificate to >> access this diaspora instance (as Nginx is configured to respond only to https >> requests). Such a certificate (which can be generated using, for instance, >> the package easy-rsa) is enough for local testing, but will not be accepted >> for federation with other Diaspora pods. > > This would be more straightforward without the second-person, and it > introduces the "self-signed" part at the wrong point. > > Enabling https means that an SSL certificate is required to access this > Diaspora instance (as Nginx will be configured to respond only to https > requests). A self-signed certificate is enough for local testing (and > can be generated using, for instance, the package easy-rsa), but will > not be accepted for federation with other Diaspora pods. > >> . >> You may also disable https if you want to access diaspora only locally, via >> unicorn on port 3000. If you disable https, nginx configuration will be >> skipped. > > Via unicorn?! Oh, it's some sort of HTTP app-server thing. Well, > there's a capitalisation shortfall for a start. > > . > You can disable https if you want to access Diaspora only locally, via > Unicorn on port 3000. If you disable https, Nginx configuration will be > skipped. > > (I'm not insisting on "HTTPS" since in fact there are contexts where > the specifications say the lowercase version is correct.) > >> . >> Some certificate authorities like StartSSL (startssl.com), WoSign >> (buy.wosign.com/free) offer free SSL certificates that works with diaspora; >> however, certificates provided by CAcert will not work with diaspora. > > English fixes: > > . > Some certificate authorities like StartSSL (startssl.com) or WoSign > (buy.wosign.com/free) offer free SSL certificates that work with Diaspora; > however, certificates provided by CAcert will not work with Diaspora. > > And it would make more sense to put this after the "yes to SSL" > paragraph instead of after the "no to SSL" one. So: > > Enabling https means that an SSL certificate is required to access this > Diaspora instance (as Nginx will be configured to respond only to https > requests). A self-signed certificate is enough for local testing (and > can be generated using, for instance, the package easy-rsa), but will > not be accepted for federation with other Diaspora pods. > . > Some certificate authorities like StartSSL (startssl.com) or WoSign > (buy.wosign.com/free) offer free SSL certificates that work with Diaspora; > however, certificates provided by CAcert will not work with Diaspora. > . > You can disable https if you want to access Diaspora only locally, via > Unicorn on port 3000. If you disable https, Nginx configuration will be > skipped. Updated. >> Package: diaspora-gems-compat > [...] >> . >> This package provides a different version of a rubygem when the version >> available in debian is incompatible with diaspora. For example, debian has >> 3.x version of bootstrap-sass, but diaspora needs version 2.x. So this package >> provides 2.x version of bootstrap-sass. > > Well, okay. > > This package provides different versions of rubygems for which the version > available in Debian is incompatible with Diaspora. For example, Debian has > 3.x version of bootstrap-sass, but Diaspora needs version 2.x. So this package > provides the 2.x version of bootstrap-sass. > It was suggested to move this inside diaspora itself, so this is no longer needed.
Attachment:
signature.asc
Description: OpenPGP digital signature