[ciphershed] Re: Website & publicity
- From: "Alain Forget" <aforget@xxxxxxx>
- To: <ciphershed@xxxxxxxxxxxxx>
- Date: Wed, 18 Jun 2014 12:34:39 -0400
Hm, I think we definitely want it to be easy for project members to edit the
website without opening up our servers or relying on a single person (potential
bottleneck), as it seems moving away from a WP-type solution would entail.
Regarding histories of security vulnerabilities, is there an example of any
technology that *doesn't* have a history of security issues? :-P However,
perhaps Stephen was concerned that WP is more security-bug prone than other
alternatives?
Unless there are strong objectives or other recommendations, I am happy with
WordPress, so long as we keep it updated and closely monitor WordPress'
security status. There are sufficient websites out there that rely on it and (I
hope) sufficient people who care about its security that any vulnerabilities
are quickly addressed. Should there be a serious vulnerability, we could
temporary take down our WP site, and put up a plainer HTML page (with
bootstrap.js, node.js, or anything else to make it slicker) while the WordPress
security flaw is being fixed. Niklas, could it be easily architected to make it
easy for us to make this switch in an emergency?
Besides, it's just our web pages...what's the worst that could happen? (Famous
last words :-P)
Alain
-----Original Message-----
From: ciphershed-bounce@xxxxxxxxxxxxx [mailto:ciphershed-bounce@xxxxxxxxxxxxx]
On Behalf Of Niklas Lemcke - ???
Sent: Wednesday, June 18, 2014 12:21
To: ciphershed@xxxxxxxxxxxxx
Subject: [ciphershed] Re: Website & publicity
I could also give chrooted ftp access to the directory, but I don't
really want to run a ftp server if I don't have to. Might not be better
than WP.
On Thu, 19 Jun 2014 00:18:52 +0800
Niklas Lemcke - 林樂寬 <compul@xxxxxxxxxxxxxx> wrote:
> Stephen: you have a point there. Though as you already mentioned, .html
> would mean I have to use vim to edit it -- which is ok -- but if I'm on
> the road there will be no updates. An alternative would be giving others
> chroot jailed ssh access, but I'm no fan of that.
> Thus I resorted to WP because a) I know it and b) it's being actively
> maintained and regularly updated, so it's something we shouldn't need
> to worry about. That can of course be discussed.
> Maybe there's already some kind of service that could take signed
> emails by a fixed set of addresses and save them as a file? That could
> work.
>
> Alain: It would be even easier to move it out of WP into some static
> html or php files. The problem is that then only I would be able to
> edit. I'm usually always around at least my laptop, but there are rare
> times when I'm not. That would suck. We have to weigh our options here.
>
> I personally don't think bootstrap would be necessary. The page is very
> simple, so it would be fairly easy to make a responsive layout out of
> it. But CipherShed is a desktop software, so I think that wouldn't
> even be necessary. Also we would still have the same problem about
> editing and ssh.
>
> Any pro's / con's about either using something like WP, or just having
> me as a single editor? Maybe some completely different ideas?
>
>
--
Niklas
At the time of writing, no warrants have ever been served to me, Niklas
Lemcke, nor am I under any personal legal compulsion concerning the
CipherShed project. I do not know of any searches or seizures of my
assets.
Other related posts:
