Re: F20 System Wide Change: Web Assets

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 08/06/2013 10:46 AM, Miloslav Trmač wrote:
On Tue, Aug 6, 2013 at 5:27 AM, Robert Marcano <robert@xxxxxxxxxxxxxxxxx> wrote:
You make the decision by installing a js-foo package, just like you
make the decision to provide a web application by installing a package
for it.

"You make a decision by installing a package" is a really problematic
model, e.g. because packages can be dragged in by dependencies.

Do you know there are GNOME JavaScript applications? And that JavaScript is
being encouraged as a language for desktop applications? So all those
libraries that can be used on desktop and web clients will be shared by
default if I install a desktop application that need that library and a web
application that never uses that library? This is madness, why not share
/usr/bin via NFS too by default

There is actually a precedent for that - our default httpd
configuration aliases /icons, see e.g.
https://fedoraproject.org/icons/apache_pb2.png .  OK, these are "only"
public domain; then let's see httpd-manual, which publishes
Apache-licensed documentation in /manual.

And I don't see a problems with those examples, because they share only their contents, by installing them you don't share content from other packages.

Lets make an example of the mess this will create if I want to share a web application to the world and user another one on my intranet. I will call those Internet and Intranet application

Internet application requires JavaScript library intranet-library, and the same with intranet-library.

Both applications are installed, I as a sysadmin don't want to expose intranet used assets to the general public, so I need to make changes on it's respective apache configuration file in order to explicitly block /usr/share/web-assets/javascript/intranet-library.

A new update to intranet application adds a new requirement. new-intranet-library. So I as a sysadmin must be checking every package installed in order to see if it is exposing more things to the public. You can have many reasons for not wanting that, license of those files, avoid people linking to them and use your bandwidth.

I am not against creating some order and removing the privilege that JavaScript code and assets currently have of being allowed to be bundled on every package. But sharing /usr/share/fonts and /usr/share/javascript by default is bad.

I think web applications should link themselves to each asset they need on its directory/namespace. You will probably loose the advantage of having only one URL for the same file if you install multiple web applications, but you gain more control having each application using one directory/namespace and only one

SELinux must be taken into consideration too, be it that those directories get finally shared entirely or not. Will be created a new SELinux context for font (already exist), JavasScript code and other files?, in order to allow Apache to read files outside /var/www. With the current way of packaging of bundling everything this wasn't a problem because files were part of the application, not anymore with these proposal





(That's not necessarily a good argument that it's OK to do this way, I
just wanted to point out that this is not that new.)
     Mirek


--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux