Matt Behrens wrote:
Yeah, I think the biggest problem with this setup is that it is all under one tree, which is what my proposal is trying to move away from in the first place.
Actually this is intentional. We host a lot of applications in our systems, and I have taken the advices of my syadmins in keeping important applications selfcontained. These apps are not alway developed by ourselves, we just host them for other parts of the university. We want them to be selfcontained, with everything they need to use at the versions thaty they were certfied against. If I need to uppgrade the python or apache for one app I can safely do so w/o worrying what impact it might have on other apps or having to backtrack possible dependencies. If I need to move my entire app to antoher machine, I can safely do so knowing that everything I need will be present in my tarball (or zip-arch). It is not about importance of package, it is about insulation, selfcontainment and ease of deployment efter development. Disk is cheap - time isn't.
Also, having the software core owned by the instance user isn't a really big issue in terms of a security risk, but it is so easy to correct that it's not really desirable.
We don't let users into our systems, and those who go in go by SSH :-) Anyway the zope ownership is just a convenience... Cheers, /dario