[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Upcoming Cherokee webserver providing a webapp-market - Opinions please?

Hi Gunnar, 

Thanks for asking -project, I think it's good to query a wide community for this 
sort of questions.

Le Tuesday 22 February 2011 23:41:03 Gunnar Wolf, vous avez écrit :
> • Important portions of what the Marketplace is offering is already
>   offered by Debian.
>   • Counterargument: Webapps in Debian are usually not ready to be
>     installed and used when running anything other than Apache

I think there is possibly a lack of a standard way to install and configure web 
applications (although I am aware of the Webapps policy); but it is certainly a 
very hard thing to do correctly, especially within the "Universal Debian", with 
its gazillion possible combinations of http servers, programming and interpreted 
languages, databases, etc.

If those marketplace offerings can't be easily used with cherokee, then it's 
probably a (wishlist) bug.

> • How does this fit in the FHS? Marketplace apps are downloaded into
>   /var/lib/cherokee/ows/root; they use the OS provided applications,
>   languages and libraries (i.e. PHP, MySQL, etc).

In my understanding, this basically means a looong possible nightmare for the 
maintainers of those marketplace applications, with various versions of various 
software to handle during the Wheezy lifecycle. Of course PHP doesn't change 
every two weeks; still "our" distributed PHP will have an influence on all those 
marketplace applications. But maybe it's less of a concern than I might think.

>   Their installer will give the user the precise apt-get command to issue to
>   satisfy the dependencies.

… but now with this I have a concern. How would this "command" be handed to the 
user? A line to copy-paste? (And why apt-get and not 
cupt/aptitude/synaptic/whatever?) A "please gimme your root pass and I'll do it 
for your" sort-of-thing ?

I am particularily concerned about a possible "endorsement" by cherokee and/or 
its marketplace of non-Debian packages/repositories, etc. Whatif an application 
wants a package from contrib, non-free or debian-multimedia?

> • Although the Marketplace should be active by default, it is not
>   usable until the user registers and provides the adequate
>   credentials to cherokee-admin. That is, the user must be aware he is
>   getting outside of Debian-land when installing their apps.

That'd be a bare minimum (IMHO).

> But I feel I need your input before packaging this functionality.

I also must say I am very ambivalent with this prospective functionality. On one 
side I see a nice way to push web applications in a (cherokee-)standard way, and 
probably a convenient way for administrators to install cherokee-baked 
applications (which is probably a positive thing for Octality).

On the other side tough, I don't feel comfortable in handing control of the 
packaging system to a particular application, even less so if this application 
comes from outside Debian (as any marketplace application might very well be). 
Letting non-Debian software impose conditions on installed packages doesn't 
sound sane to me (e.g. whatif one application wants mysql-5.0 and another one 
wants mysql-5.1).

If there are flaws or problems in Debian policies that makes the creation of 
packages for those cherokee-fitted applications impossible, then the solution 
shouldn't be to create a marketplace outside Debian, but to fix those flaws and 
problems. Debian already has a coherent way of distributing packages towards its 
users, taking care of dependencies, etc. why not using it directly?

A much saner way of providing cherokee-fitted applications is IMHO to create 
debian packages out of them, pushing them to Debian if they are DFSG-free 
software and pusing them to non-free if they are not. And if the Debian 
framework is too tight for this, then creating external repositories is the 
lesser evil (then they don't even need to comply to the Policy [bleh]).

So, if I try to summarize my POV; I'm far from being in favor of such a system 
in Debian. Altough it's certainly a nice and uniform way for Octality to push 
applications towards Cherokee users, it opens a far too big can of worms 
(intrusion in package handling, security concerns, non-free applications on 
which we have zero control, …) that can only escape off Debian hands. Maybe it 
could find a place in contrib or non-free, but I can only hardly see this type 
of marketplace integration in a stable release.



Didier Raboud, proud Debian Developer.
CH-1020 Renens

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: