[Pkg-giraffe-discuss] imported final release of zarafa-webapp and pushed latest changes to Alioth

[Carsten Schoenert]

Hello,

between the two Zarafa events in Amsterdam in Hannover there was the
Zarafa WebApp 2.1.0 released. I imported this version and pushed this
with some minor changes on the packaging to the Alioth repository.

I haven't made a tagged release as there may be some further suggestions
that should be done before a first upload to the archive. But there is
only one thing for me that I'd like to do before the first upload. And
that's related to the Apache configuration.

Currently there is only a Apache2 configuration shipped so there is a
primary orientation on Apache for now. But that's not my main concern,
the current website configuration is enabling a normal HTTP based
website by default. As user have to login into WebApp and is writing
credentials for this a plain http site is a bad decision I think. I
wouldn't like to see this and the administrator should enable the
zarafa-webapp with the http alias by it's own.

Instead of this we should enforce the administrator to set up a website
with https, but for this there are certificates needed. In bigger setups
there will be a (own) CA used to create the needed certificates. So how
to handle this?

So the question is now, should we create a simple debconf dialog there
the administrator can easily enable the http site with a big warning or
doing nothing on this and the administrator is doing a "a2ensite
zarafa-webapp" by himself if wanted.

And depending on this I'm not verry happy with the current behavior via
postinst and postrm there the website is disabled (postrm) and reenabled
by default (postinst) by no really needs. We can control this mainly in
the postinst and just reload the Apache configs if needed.

But there may be other point of views ...

-- 
Regards
Carsten Schoenert