[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Sun, 30 Dec 2012 20:05:44 +0000 Adrian Midgley <amidgley@xxxxxxxxx> wrote: > On 30 December 2012 18:36, paul sutton <zleap@xxxxxxxxx> wrote: > > > Ok so what do we need for a lug website > > I'd agree with the list. > > I'd say for durability and interest there should be several people > with update permissions. We have numerous people with write permissions within drupal currently. More can be added. > It is not clear to me that any of it needs a CMS. I actually agree. What we need is more people generating content - a CMS is one possible way of doing things but there is essentially no difference between any of the CMS solutions beyond their relative security weaknesses and ease of administration. There are reasons why sites like debian.org do not use a CMS - the wiki is quite enough hassle as it is. No CMS is particularly secure, Simon & I picked drupal as the least worst for what we thought we could manage. I also disagree that this is necessarily something which warrants generating content at all costs or accepting content which would only be generated if we make the site so easy to use that it becomes unmaintainable and insecure. So making the site friendly to people who wouldn't use anything except Web2.0 is not an acceptable constraint. It can be accommodated as a feature but it cannot be imposed as a requirement. Documentation worth reading is usually worth some effort in the writing. Any CMS must always be a compromise because all CMS solutions explicitly try to make something easier and ease of use always has the potential to undermine security. Whatever CMS we use, if it proves to be unmaintainable at some point in the future, the current admins will not hesitate to lock it down and only update the site via SSH. (If that does happen, Simon & I won't be spending time discussing it on the list or even IRC, it will just happen and a notice posted later, as I've had to do once before.) The primary reason why any CMS becomes unmaintainable is unfixed security holes. As Simon mentions, all solutions are potentially vulnerable, including CGI and SSH. The more layers are added, the worse the problem becomes. So adding a CMS with it's PHP layers and database layers and javascript layers and the rest *on top* of apache and SSH only makes security harder. More layers, more potential for holes. A CMS (any CMS) is an added burden but, for now, it is a burden we (as dcglug admins) are happy to support. Don't underestimate the amount of content generated by the mailing list archive - it is very well indexed and most people will ask Mr Google before reading documentation on a LUG website. -- Neil Williams <linux@xxxxxxxxxxxxxx>
Attachment:
pgpM4tLGQ9Vay.pgp
Description: PGP signature
-- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq