On Monday 06 September 2004 3:27 pm, Niels Voll wrote:
> Aren't those hacking episodes an attack on our collective pride at CLUG?
> Are we going to crawl back into the "safety" of straight HTML, because
> we think it's too much work to secure open source software? I hope not,
> since I would find it rather embarrassing, if we'd admit defeat so easily.

Hell yes they are embarrassing. I'm not beyond admitting that the Nuke site 
was bloated, kludgy and probably way more than we needed. Simplifying the 
CLUG website may be what is needed to get the important information out 
there. If that is admitting defeat then I suppose that is it, there are way 
more of THEM than there are of us, we just don't have the resources to stay 
one step ahead of them.

> Question 1: What do we want/need? Features, specs, etc...
>   - basic cms
>   - polls?

This about covers it for me. What do YOU all want on the website? Keep in mind 
the longer the wish-list the more complicated it will be to maintain it.

> Question 2: Build or buy or outsource (or in the case of free - as in
> beer - software, "buy" becomes "acquire")?
>   - building is a ton of fun and learning, if there are interested people
>   - but building doesn't happen overnight, and there are no guarantees,
> that a volunteer effort will ever be finished, or it will run out of steam
>   - so one needs at least a temporary solution for the short term and as
> a fallback if the building takes longer or never finishes
>   - outsourcing could be to something like Yahoo groups, which have
> quite a bit of the required functionality - for any other group maybe
> the most reasonable choice, but probably a bit wimpy for a group of
> Linux and OSS enthusiasts!

I think we should build this ourselves. There is certainly enough talent 
within our group to be able to come up with something. Yes, there could be 
ample opportunity to use this as a skill building exercise. The temporary 
solution is in place, developmental space could be made available and the 
project could go forward.

> Question 3: So if, we're acquiring software (at least for the short
> term) and since security has clearly become an overriding concern, the
> acquisition question comes down to which approach to security do we take?
>      - do we get something a bit more secure by design and by mentality
> and track record of the creators (this approach would eliminate PHPNuke),
> or - do we deal with the security issues as an add-on (Like Roy has for
> LLUG), then a widely popular and vulnerable system probably has rather
> useful security add-ons (like much of the software originating in certain
> parts of the north western U.S.!)

At this point I am unfairly lumping all currently available CMS systems 
together. I think we should build this from the ground up with security as 
the primary concern. I pitched this to the PROGSIG guys months back that we 
could task them with building custom modules for our Nuke. Well this would 
still be an opportunity, we may not be using the Nuke but there is still room 
for custom modules. The poll is of immediate concern to me. I think the polls 
have been useful and I would hate to see that go away. How can we make it 
better? I can think of a number of ways. 

> Question 4: "Project" resourcing and leadership?
>   - does the executive feel they have enough time, desire and
> qualifications to handle this amongst themselves, or
>   - is additional volunteer help from other members needed / desired? A
> new mailing list for this project maybe? A meeting or two with
> experienced and interested members? Both?

This is an excellent question. I think we could make the time. Szemir, Jason 
and I are all web developers and we are all comfortable with PHP and database 
connectivity. Volunteers would be helpful and desirable. Yes, a new mailing 
list may be necessary, I guess it will depend on how many people are 
interested. Meetings would certainly get this off to the right start, we can 
table this topic for a portion of the next meeting but that is about 4 weeks 
away.

> Question 5: Integrated or "best of breed" approach?
>   - integrated typically provides single login, consistent GUI, and
> security administration metaphor, but has more bloat (unneeded features).
>   - "best of breed" allows more liberty in choice of components, but
> tends to require more integration effort for the different pieces to
> provide at least a single login, or it requires more ongoing maintenance
> effort to manage the different logins. May not be a big problem, if the
> number of site maintainers is small and the rest of the site is public.

These are some interesting thoughts and depend heavily on what we believe we 
need. Coming up with needs and wants lists would be a good first step. 
Determining these things would probably answer question 5.

> Anyway, just some thoughts from someone who has done quite a few of
> these kinds of software projects.

Your input is valuable as always Niels, thank-you.


_______________________________________________
clug-talk mailing list
http://clug.ca/mailman/listinfo/clug-talk_clug.ca