[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: LedgerSMB rpm spec
- Subject: Re: LedgerSMB rpm spec
- From: Mads Kiilerich <..hidden..>
- Date: Thu, 19 Oct 2006 02:35:22 +0200
So the .htaccess should be included in the rpm? In that case an upgrade
would introduce it again...
No. I was thinking of generating it the same way you generate the
members file. I am assuming that what you put in that part of the
script won't get regenerated on each upgrade... Otherwise your user
account info would be wiped out...
Stuff tagged with %config(noreplace) in the %files section will not
overwrite but be put in a .rpmnew or something next to an existing file.
But if the is non-existing it will be (re)introduced...
Is there any reason why we couldn't have the instructions be
duplicated in the following areas:
(which of course is served out if the .htaccess file exists)
Sure we can.
In that case: Instead of using .htaccess why not just use
/etc/httpd/conf.d/ledger-smb-httpd.conf and let it contain
# Point at documentation
Alias /ledger-smb /usr/share/doc/ledger-smb-xxx/
# To enable ledger-smb active the line below instead of the one above
# Alias /ledger-smb /usr/share/ledger-smb/
But my gut feels bad about all this. The master password should be _the_
single point of "obscurity" preventing abuse. I don't like leaving that
hole wide open and trying to guard it with other fences...
Currently there is no security problem at all; there are other problems
preventing any kind of use or abuse anyway. Lets get them fixed first! ;-)