policy draft for web server modules, web applications, and database applications

abstract
	as it stands now, there is no common set of rules and guidelines
	for the mainers of packages that interact with databases, web
	applications, and web server modules.  this results in a large
	amount of code duplication, inconsistent package behavior, 
	possible unexpected data loss, and security concerns.  it is
	clearly evidenced that a common infrastructure and set of
	guidelines are needed to raise the overall quality of such
	packages.

terms and conventions
	httpd - any server providing http
	apache - most popular web server for apps and add-ons
	httpd modules/add-ons - httpd server enhancements (libapache_mod_*)
	static page - pages requiring no server interpretation/execution
	cgi/dynamic pages - pages requiring server interpretation/execution
	web application - suite of static/dynamic pages for common purpose
	database - any server-side persistant data storage (relational or non)
	database application - any application interacting with a database

goals
	policy reference for developers
		do's and don't's
	policy reference for users
		how these packages work in debian
	consistent/safe drop-in installation interface 
		web applications
		database applications
		httpd modules

web apps
	file system layout
		fhs
			guidelines for what goes in /var/(cache|lib) et c
		splitting config files
	interacting with httpd
		how to include configuration with httpd
			wwwconfig-common (and/or its successor)
		restarting the web server
	databases
		(see dbapps)
	security concerns
		default settings, usernames/passwords
	packaging
		debhelper macros
			dh_webapp
		how to get a list of different installed web servers
		how to select the target servers for installation
		priority selection guidelines

add on modules
	interacting with httpd
		apache modules-config
		wwwconfig-common (and/or its successor)
		restarting the web server
	packaging
		dh_httpd_module
		how to get a list of different installed web servers
		how to select the target servers for installation
		priority selection guidelines

database applications
	virtual packages
		(relational-)?database-server
	common package
		database-server-common
	security concerns
		promting/generating usernames/passwords
		no storing passwords in debconf
	packaging
		dh_mysql, dh_postgresql, et c.
		whether/how to prompt for leaving the database after purge
		selecting a database to use
		getting a list of database servers
		priority selection guidelines
	administration
		easy way for admin to remove or reinstall db
		used in packaging too.