guillomovitch
commented
1 year ago Sorry for the unexpected references to github issues in the commit messages.
Closed guillomovitch closed 1 year ago
guillomovitch
commented
1 year ago Sorry for the unexpected references to github issues in the commit messages.
amuehlem
commented
1 year ago Thank you very much!
Hello.
Here are two set of changes: while the first three ones are trivials, the last three ones are more controversial. By enforcing stricter file permissions, and making apache user unable to modify the application, it makes the application more robust against tampering, but also prevent self-upgrade. Whereas it doesn't matter if you use newer versions of the package itself for application update, but it can be if you only on the package for initial deploiement (and you don't care about rpm integrity checking).
They are potentially many different possible ownership and permission schemes to achieve the same result, I volontarily selected the easiest for the first attempt.