On Wed, 2005-07-27 at 04:24 +0200, Penny Leach wrote:
>
> It went really well & Andrew McMillan (cc'd) took notes and is supposed
> to be sending them to this list at some point.
Having now been forcibly reminded, I include a document which is a
consolidation of the notes I took, and the notes taken by Dmitri
Borodaenko before he had to leave.
And I'm even subscribed to the list now too, so no need to CC me on
replies (although that's fine if you want too).
Regards,
Andrew McMillan.
~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Web Apps BoF
============
Present (at various times): Jonas Smedgard, Micah Anderson, Penny Leach,
Gunnar Wolf, Martin Langhoff, Dmitri Borodaenko and possibly others
whose names I didn't know.
Meta Things
===========
Initially these are going to be guidelines. Later the ones that are
successful will likely become recommendations, and further down the
track they should become policy.
We need recommendations, not rules at this stage. Or at least not too
many rules.
We need to write policy, but we need to write code to implement it
before we can expect people to do
Database
========
create database
create account
generate database
DB app policy
Templates
=========
merging changes is pain
conffiles or not at all
if app has templates then try hard to make it possible to load
additional templates from /usr/local/share/<package>/<abi-version>
Virtual hosts, FHS
==================
vhost->server-flavour
/srv tree
cgi-bin location
wrap around web-server
several config templates per web-server
Web-editable configuration
==========================
Don't ever use /var/www
Recommend to remove first setup page and have a Debian way of dealing
With such setup (due to security considerations); Debian way here is:
Have sane defaults and debconf for the sane options
No web-app writable files in /etc
Resource changeable by web-server: /var/lib, www-data writable
From admin pov installation of web app package should, after a few (as
few as possible) debconf questions, be in a usable state and not require
any more configuration. Espcially, the web app should never be in an
unauthenticatinable Admin Mode via HTTP
Security
========
PHP libraries in /usr/share/php
Web App Criteria
configuration files
Remote Database Packages
========================
We want the database package maintainers to create “remote-” packages
allowing specification of remote database, user and host information so
that we can also attempt automatic upgrades of databases that are
remote, as well as for local ones.
Web Applications should depend on dbconfig-common as well as depending
on (local-database-version | remote-database-version).
Local Administration
====================
If the local admin decides to use the remote-... package, the
information is requested through debconf for the remote database. The
next web application that chooses a remote host could choose to use the
existing details, or could choose to configure a new
Databases we need to consider
=============================
PostgreSQL
LDAP
Firebird
MySQL
...
"Magical" Upstream Upgrade programs
===================================
How do we handle applications that have magical web interface upgrades?
The general recommendation is that the upgrade should be done outside of
the web application. In as many cases as possible we
Restricting Application During Upgrade
======================================
Several approaches may be possible, e.g. dropping in a .htaccess file
during the upgrade, stopping the web server during the upgrade, and so
forth. We all agreed that the decision is up to the web application.
Depending on a Webserver
========================
Is an application-specific thing.
Bundling is Bad
===============
When upstream wants to bundle (e.g.) PEAR then we should endeavour to
rip it out and depend on a package of it.
It is possible that the different library versions might need versioned
package names and locations.
-------------------------------------------------------------------------
Andrew @ Catalyst .Net .NZ Ltd, PO Box 11-053, Manners St, Wellington
WEB: http://catalyst.net.nz/ PHYS: Level 2, 150-154 Willis St
DDI: +64(4)803-2201 MOB: +64(272)DEBIAN OFFICE: +64(4)499-2267
Yow! Are we wet yet?
-------------------------------------------------------------------------
Attachment:
signature.asc
Description: This is a digitally signed message part