On 26 Nov 2009, at 15:09, Norman Fournier wrote:


Worst case scenario. What if we are wrong?

Some smart punk hacks the Plone and posts the hack or hints somewhere. How many Macs can we afford to give away? How long can we afford to pay lawyers to fight spurious claims in court?

A risk analysis should be air-tight before any contest is publicized. Even the smallest give-aways are fraught with legal complications, which is why contest legal copy takes so much space on an entry form.

For me, I am not liking this idea at all. I think there may be more positive ways for Plone to get this message across without exposing the software to a million punk hackers with a goad like both Screw Plone and Win a Mac at the same time!

You also might have difficulty getting the site hosted somewhere. If you can't get to Plone you then try the OS. If you can't get the OS you try the network... etc. For instance, probably the easiest way to get in there would be to do something like a password reset request and try and intercept the email, so you might then find an attack against an email server somewhere else as a result. Quite risky.

Hrmm... I wonder what Amazon would say about it? Wonder if you could host it on EC2? You could easily set up a FreeBSD server with Plone running on it. Lock everything else down (ssh via keys only etc). I guess you could privately invite Plone core developers to take a pop at it first, they are likely to know any 'weak' spots if any in Plone itself.


Matt Hamilton                                       ma...@netsight.co.uk
Netsight Internet Solutions, Ltd.           Understand. Develop. Deliver
http://www.netsight.co.uk                             +44 (0)117 9090901
Web Design | Zope/Plone Development & Consulting | Co-location | Hosting

Evangelism mailing list