On 26 Nov 2009, at 15:09, Norman Fournier wrote:
Hello,
Worst case scenario. What if we are wrong?
Some smart punk hacks the Plone and posts the hack or hints
somewhere. How many Macs can we afford to give away? How long can we
afford to pay lawyers to fight spurious claims in court?
A risk analysis should be air-tight before any contest is
publicized. Even the smallest give-aways are fraught with legal
complications, which is why contest legal copy takes so much space on
an entry form.
For me, I am not liking this idea at all. I think there may be more
positive ways for Plone to get this message across without exposing
the software to a million punk hackers with a goad like both Screw
Plone and Win a Mac at the same time!
You also might have difficulty getting the site hosted somewhere. If
you can't get to Plone you then try the OS. If you can't get the OS you
try the network... etc. For instance, probably the easiest way to get
in there would be to do something like a password reset request and
try and intercept the email, so you might then find an attack against
an email server somewhere else as a result. Quite risky.
Hrmm... I wonder what Amazon would say about it? Wonder if you could
host it on EC2? You could easily set up a FreeBSD server with Plone
running on it. Lock everything else down (ssh via keys only etc). I
guess you could privately invite Plone core developers to take a pop
at it first, they are likely to know any 'weak' spots, if any, in Plone
itself.
-Matt
--
Matt Hamilton [email protected]
Netsight Internet Solutions, Ltd. Understand. Develop. Deliver
http://www.netsight.co.uk +44 (0)117 9090901
Web Design | Zope/Plone Development & Consulting | Co-location | Hosting