[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LedgerSMB rpm spec

So the .htaccess should be included in the rpm? In that case an upgrade
would introduce it again...

No. I was thinking of generating it the same way you generate the
members file.  I am assuming that what you put in that part of the
script won't get regenerated on each upgrade...  Otherwise your user
account info would be wiped out...

Stuff tagged with %config(noreplace) in the %files section will not overwrite but be put in a .rpmnew or something next to an existing file. But if the is non-existing it will be (re)introduced...

Is there any reason why we couldn't have the instructions be
duplicated in the following areas:

package info
(which of course is served out if the .htaccess file exists)

Sure we can.

In that case: Instead of using .htaccess why not just use /etc/httpd/conf.d/ledger-smb-httpd.conf and let it contain
   # Point at documentation
   Alias /ledger-smb /usr/share/doc/ledger-smb-xxx/
   # To enable ledger-smb active the line below instead of the one above
   # Alias /ledger-smb /usr/share/ledger-smb/

But my gut feels bad about all this. The master password should be _the_ single point of "obscurity" preventing abuse. I don't like leaving that hole wide open and trying to guard it with other fences...

Currently there is no security problem at all; there are other problems preventing any kind of use or abuse anyway. Lets get them fixed first! ;-)