Worst case is really bad publicity. But then is it?
If it got hacked we'd patch it immediatly and patch most systems out
there and we'd explain how that system works in advance. Basically use
it to explain how open source increases security and speed of patches.
It would also show that we take security seriously.
Dylan Jay
Technical solution manager
PretaWeb 99552830
On 27/11/2009, at 2:09 AM, Norman Fournier <nor...@normanfournier.com>
wrote:
Hello,
Worst case scenario. What if we are wrong?
Some smart punk hacks the plone and posts the hack or hints
somewhere. How many Macs can we afford to give away? How long can we
afford to pay lawyers to fight spurious claims in court?
A risk analysis should be air-tight before any contest is
publicized. Even the smallest give-aways are fraught with legal
complications which is why contest legal copy takes so much space on
an entry form.
For me, I am not liking this idea at all. I think there may be more
positive ways for plone to get this message across without exposing
the software to a million punk hackers with a goad like both Screw
Plone and Win a Mac at the same time!
My $.02.
Norman
On 2009-11-25, at 10:28 PM, Nate Aune wrote:
I think it's a great idea. Set up a server (perhaps using the
Hardening Plone howto below) and let the games begin!
http://plone.org/documentation/how-to/securing-plone/
Nate
On Wed, Nov 18, 2009 at 11:52 AM, Jan Ulrich Hasecke
<juhase...@googlemail.com> wrote:
Hi all,
what do you think about a hacking contest? We setup a plain plone
site and who ever hacks it first wins a mac or a playstation or
whatever.
All exploits must be documented of course so that we can fix them.
We promote Plone as a secure system and can document it with the
CVE entries but often people say, yeah, but there are a lot less
installations of Plone than there are of PHP-systems, so you
cannot compare the figures.
So lets challenge the hackers!
This could be an online event with a great publicity effect may be
in the run-up to the World Plone Day.
What do you think?
juh
Jan Ulrich Hasecke
(DZUG e.V.)
--
DZUG e.V. (Deutschsprachige Zope User Group)
www.dzug.org
www.zope.de
_______________________________________________
Evangelism mailing list
Evangelism@lists.plone.org
http://lists.plone.org/mailman/listinfo/evangelism
--
Nate Aune - na...@jazkarta.com
http://www.jazkarta.com
http://card.ly/natea
+1 (617) 517-4953
_______________________________________________
Evangelism mailing list
Evangelism@lists.plone.org
http://lists.plone.org/mailman/listinfo/evangelism
_______________________________________________
Evangelism mailing list
Evangelism@lists.plone.org
http://lists.plone.org/mailman/listinfo/evangelism
_______________________________________________
Evangelism mailing list
Evangelism@lists.plone.org
http://lists.plone.org/mailman/listinfo/evangelism