[development] let's cleanup /misc

Larry Garfield larry at garfieldtech.com
Fri Jan 6 00:31:37 UTC 2006

On Thu, January 5, 2006 10:53 am, Theodore Serbinski said:
> Ber,
> I think your originally proposed structure based on RoR hit the nail
> on the head. It seems to me, that people are more concerned over the
> security of an install, keeping extra modules seperate from core ones,
> and making it easier to have multisite installs. Other than that, I
> don't think there is too much debate over exactly how this should be
> actually be implemented, provided it meets this criteria.
> Perhaps as a starting point, we should define what everyone wants the
> criteria of this new structure to meet? If we can agree on that, then
> moving folders around shouldn't be too hard, as that is more semantics
> then anything.
> So let me start it off, the new directory structure should:
> 1. Improve the security of a Drupal install by keeping all files
> private, except for an index.php, no module or include files should be
> accessible from a web browser


> 2. Core modules and includes should be completely seperated from extra
> downloaded modules and themes. This should make backing up things
> easier, as you only have to back up your "custom" folder instead of
> all of the main Drupal ones


> 3. The new structure should be multisite friendly. There should *not*
> be one files folder, but rather multiple ones, for multiple sites. You
> don't want that pr0n site on your multsite sharing the same images as
> your core business website, do you? ;-)


> Please add/revise to this so we can reach a consensus on this soon enough.

One thought I had, which may or may not suck, is to eliminate
non-site-based additions but add an "all" site.  To wit:


That way stuff that people used to put in /modules or /themes would go
under /sites/all instead, but otherwise functionality is the same. 
Nothing outside of /sites is ever edited by a user (unless they're being
silly and hacking core).  Backup is then cp ./sites /my/backup/directory
and you're done, and a .htaccess rule to hide ./sites/* is trivial.


--Larry Garfield

More information about the development mailing list