On Thu, January 5, 2006 10:53 am, Theodore Serbinski said:
Ber,
I think your originally proposed structure based on RoR hit the nail on the head. It seems to me, that people are more concerned over the security of an install, keeping extra modules seperate from core ones, and making it easier to have multisite installs. Other than that, I don't think there is too much debate over exactly how this should be actually be implemented, provided it meets this criteria.
Perhaps as a starting point, we should define what everyone wants the criteria of this new structure to meet? If we can agree on that, then moving folders around shouldn't be too hard, as that is more semantics then anything.
So let me start it off, the new directory structure should:
1. Improve the security of a Drupal install by keeping all files private, except for an index.php, no module or include files should be accessible from a web browser
+1
2. Core modules and includes should be completely seperated from extra downloaded modules and themes. This should make backing up things easier, as you only have to back up your "custom" folder instead of all of the main Drupal ones
+1
3. The new structure should be multisite friendly. There should *not* be one files folder, but rather multiple ones, for multiple sites. You don't want that pr0n site on your multsite sharing the same images as your core business website, do you? ;-)
+1
Please add/revise to this so we can reach a consensus on this soon enough.
One thought I had, which may or may not suck, is to eliminate non-site-based additions but add an "all" site. To wit: /sites /all /modules /themes /theme-engines /default /modules /themes /theme-engines /files /example.com /modules /themes /files ... That way stuff that people used to put in /modules or /themes would go under /sites/all instead, but otherwise functionality is the same. Nothing outside of /sites is ever edited by a user (unless they're being silly and hacking core). Backup is then cp ./sites /my/backup/directory and you're done, and a .htaccess rule to hide ./sites/* is trivial. Thoughts? --Larry Garfield