Repo layout wrt security
Hi,
I just discovered your software from LinuxFr, and I'm trying to install it.
I noticed that we have to point Apache to the root of the git checkout. For me, this is a problem: Apache will serve all files (including the ones in bin/ and the ones in .git/). The .git is especially problematic if someone tries to adapt your software to add some kind of authentication to start a new game, for example.
A quick work-around I do is to put a .htaccess to limit access.
But I think a better thing would be to separate the whole project from the files to serve (even if most files will be to serve in your case) by putting all files to serve into a subdirectory (for example web/ or www/ or public/ or ...). Then, Apache should be configured to look into the subdirectory directly (and, for upgrade or future misconfiguration, a .htaccess in the root dir can be set up to always serve a static page telling that this (root) directory must not be served).
If you agree (and tell me which subdirectory name you prefer), I can prepare a merge request.
Regards,
Vincent
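
The layout proposed in the post above, sketched as an Apache 2.4 configuration. This is an added example, not part of the original post or the project's own code; the checkout path `/srv/game`, the host name `game.example.org` and the subdirectory name `public/` are assumptions.

```apache
# --- Before (current layout): the checkout root is the DocumentRoot ---------
# Everything in the checkout is reachable over HTTP, including bin/ and .git/.
#
# <VirtualHost *:80>
#     ServerName   game.example.org
#     DocumentRoot /srv/game
# </VirtualHost>

# --- After (proposed layout): only the public/ subdirectory is served -------
# /srv/game and public/ are assumed names, not the project's.
<VirtualHost *:80>
    ServerName   game.example.org
    DocumentRoot /srv/game/public

    # Deny the whole checkout first. Apache merges <Directory> sections from
    # the shortest path to the longest, so this is the baseline.
    <Directory /srv/game>
        AllowOverride None
        Require all denied
    </Directory>

    # Then open only the directory that is meant to be served.
    <Directory /srv/game/public>
        Options -Indexes
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>

# --- Guard file: /srv/game/.htaccess (checkout root) ------------------------
# Only takes effect if a server is mistakenly pointed at the checkout root
# AND that server allows overrides (AllowOverride AuthConfig FileInfo).
# With the vhost above it is never read, because the root is not served.
#
# Require all denied
# ErrorDocument 403 "This directory must not be served. Point DocumentRoot at public/."
```

Because the guard file depends on `AllowOverride`, the `<Directory /srv/game>` deny in the server configuration is the control to rely on; the `.htaccess` only covers a later misconfiguration on a server that honours it.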