HEADS UP for maintainers of web applications

Brooks Davis brooks at one-eyed-alien.net
Sat May 13 00:58:45 UTC 2006

On Thu, May 11, 2006 at 02:17:21AM -0700, Doug Barton wrote:
> Pav Lucistnik wrote:
> > Hi people,
> > 
> > it will soon become mandatory to stop installing web applications into
> > Apache specific directories, like ${PREFIX}/www/data,
> > ${PREFIX}/www/cgi-bin etc.
> How did those directories become "apache specific," and where was that
> decision and the prohibitive policy discussed and agreed to?
> > All web applications should be now installed into ${PREFIX}/www/appname.
> Why? What benefit does this give us, and what was the cost of doing it the
> way it's been done for a long time already?

IMO, the best reason for this change (which I've thought was the right
thing to do for a long time) is that installing things into www/data
means they are immediately available to the entire world if the webserver
is up.  That violates our normal principles of not running servers
without administrator intervention simply because the server happens to
have been installed.

-- Brooks

Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20060513/b8c7ba8c/attachment.pgp

More information about the freebsd-ports mailing list