Hi Gunnar, Thanks for asking -project, I think it's good to query a wide community for this sort of questions. Le Tuesday 22 February 2011 23:41:03 Gunnar Wolf, vous avez écrit : > > • Important portions of what the Marketplace is offering is already > offered by Debian. > • Counterargument: Webapps in Debian are usually not ready to be > installed and used when running anything other than Apache I think there is possibly a lack of a standard way to install and configure web applications (although I am aware of the Webapps policy); but it is certainly a very hard thing to do correctly, especially within the "Universal Debian", with its gazillion possible combinations of http servers, programming and interpreted languages, databases, etc. If those marketplace offerings can't be easily used with cherokee, then it's probably a (wishlist) bug. > • How does this fit in the FHS? Marketplace apps are downloaded into > /var/lib/cherokee/ows/root; they use the OS provided applications, > languages and libraries (i.e. PHP, MySQL, etc). In my understanding, this basically means a looong possible nightmare for the maintainers of those marketplace applications, with various versions of various software to handle during the Wheezy lifecycle. Of course PHP doesn't change every two weeks; still "our" distributed PHP will have an influence on all those marketplace applications. But maybe it's less of a concern than I might think. > Their installer will give the user the precise apt-get command to issue to > satisfy the dependencies. … but now with this I have a concern. How would this "command" be handed to the user? A line to copy-paste? (And why apt-get and not cupt/aptitude/synaptic/whatever?) A "please gimme your root pass and I'll do it for your" sort-of-thing ? I am particularily concerned about a possible "endorsement" by cherokee and/or its marketplace of non-Debian packages/repositories, etc. Whatif an application wants a package from contrib, non-free or debian-multimedia? > • Although the Marketplace should be active by default, it is not > usable until the user registers and provides the adequate > credentials to cherokee-admin. That is, the user must be aware he is > getting outside of Debian-land when installing their apps. That'd be a bare minimum (IMHO). > But I feel I need your input before packaging this functionality. I also must say I am very ambivalent with this prospective functionality. On one side I see a nice way to push web applications in a (cherokee-)standard way, and probably a convenient way for administrators to install cherokee-baked applications (which is probably a positive thing for Octality). On the other side tough, I don't feel comfortable in handing control of the packaging system to a particular application, even less so if this application comes from outside Debian (as any marketplace application might very well be). Letting non-Debian software impose conditions on installed packages doesn't sound sane to me (e.g. whatif one application wants mysql-5.0 and another one wants mysql-5.1). If there are flaws or problems in Debian policies that makes the creation of packages for those cherokee-fitted applications impossible, then the solution shouldn't be to create a marketplace outside Debian, but to fix those flaws and problems. Debian already has a coherent way of distributing packages towards its users, taking care of dependencies, etc. why not using it directly? A much saner way of providing cherokee-fitted applications is IMHO to create debian packages out of them, pushing them to Debian if they are DFSG-free software and pusing them to non-free if they are not. And if the Debian framework is too tight for this, then creating external repositories is the lesser evil (then they don't even need to comply to the Policy [bleh]). So, if I try to summarize my POV; I'm far from being in favor of such a system in Debian. Altough it's certainly a nice and uniform way for Octality to push applications towards Cherokee users, it opens a far too big can of worms (intrusion in package handling, security concerns, non-free applications on which we have zero control, …) that can only escape off Debian hands. Maybe it could find a place in contrib or non-free, but I can only hardly see this type of marketplace integration in a stable release. Cheers, OdyX -- Didier Raboud, proud Debian Developer. CH-1020 Renens odyx@debian.org
Attachment:
signature.asc
Description: This is a digitally signed message part.