Hm, I think we definitely want it to be easy for project members to edit the website without opening up our servers or relying on a single person (potential bottleneck), as it seems moving away from a WP-type solution would entail. Regarding histories of security vulnerabilities, is there an example of any technology that *doesn't* have a history of security issues? :-P However, perhaps Stephen was concerned that WP is more security-bug prone than other alternatives? Unless there are strong objectives or other recommendations, I am happy with WordPress, so long as we keep it updated and closely monitor WordPress' security status. There are sufficient websites out there that rely on it and (I hope) sufficient people who care about its security that any vulnerabilities are quickly addressed. Should there be a serious vulnerability, we could temporary take down our WP site, and put up a plainer HTML page (with bootstrap.js, node.js, or anything else to make it slicker) while the WordPress security flaw is being fixed. Niklas, could it be easily architected to make it easy for us to make this switch in an emergency? Besides, it's just our web pages...what's the worst that could happen? (Famous last words :-P) Alain -----Original Message----- From: ciphershed-bounce@xxxxxxxxxxxxx [mailto:ciphershed-bounce@xxxxxxxxxxxxx] On Behalf Of Niklas Lemcke - ??? Sent: Wednesday, June 18, 2014 12:21 To: ciphershed@xxxxxxxxxxxxx Subject: [ciphershed] Re: Website & publicity I could also give chrooted ftp access to the directory, but I don't really want to run a ftp server if I don't have to. Might not be better than WP. On Thu, 19 Jun 2014 00:18:52 +0800 Niklas Lemcke - 林樂寬 <compul@xxxxxxxxxxxxxx> wrote: > Stephen: you have a point there. Though as you already mentioned, .html > would mean I have to use vim to edit it -- which is ok -- but if I'm on > the road there will be no updates. An alternative would be giving others > chroot jailed ssh access, but I'm no fan of that. > Thus I resorted to WP because a) I know it and b) it's being actively > maintained and regularly updated, so it's something we shouldn't need > to worry about. That can of course be discussed. > Maybe there's already some kind of service that could take signed > emails by a fixed set of addresses and save them as a file? That could > work. > > Alain: It would be even easier to move it out of WP into some static > html or php files. The problem is that then only I would be able to > edit. I'm usually always around at least my laptop, but there are rare > times when I'm not. That would suck. We have to weigh our options here. > > I personally don't think bootstrap would be necessary. The page is very > simple, so it would be fairly easy to make a responsive layout out of > it. But CipherShed is a desktop software, so I think that wouldn't > even be necessary. Also we would still have the same problem about > editing and ssh. > > Any pro's / con's about either using something like WP, or just having > me as a single editor? Maybe some completely different ideas? > > -- Niklas At the time of writing, no warrants have ever been served to me, Niklas Lemcke, nor am I under any personal legal compulsion concerning the CipherShed project. I do not know of any searches or seizures of my assets.