On Jun 27, 2011, at 1:54 PM, Joe Schaefer wrote: > ----- Original Message ---- > >> From: Dave Fisher <[email protected]> >> To: Joe Schaefer <[email protected]> >> Cc: [email protected] >> Sent: Mon, June 27, 2011 4:45:40 PM >> Subject: Re: Top level question on website migration >> >> >> On Jun 27, 2011, at 1:31 PM, Joe Schaefer wrote: >> >>> ----- Original Message ---- >>> >>>> From: Alexandro Colorado <[email protected]> >>>> To: [email protected] >>>> Cc: Dave Fisher <[email protected]> >>>> Sent: Mon, June 27, 2011 4:25:12 PM >>>> Subject: Re: Top level question on website migration >>>> >>>> On Mon, Jun 27, 2011 at 3:18 PM, Joe Schaefer >> <[email protected]>wrote: >>>> >>>>> ----- Original Message ---- >>>>> >>>>>> From: Alexandro Colorado <[email protected]> >>>>>> To: [email protected] >>>>>> Cc: Dave Fisher <[email protected]> >>>>>> Sent: Mon, June 27, 2011 4:06:43 PM >>>>>> Subject: Re: Top level question on website migration >>>>>> >>>>>> On Mon, Jun 27, 2011 at 2:41 PM, Joe Schaefer <[email protected] >>>>>> wrote: >>>>>> >>>>>>> ----- Original Message ---- >>>>>>> >>>>>>>> From: Alexandro Colorado <[email protected]> >>>>>>>> To: [email protected] >>>>>>>> Cc: Dave Fisher <[email protected]> >>>>>>>> Sent: Mon, June 27, 2011 3:09:33 PM >>>>>>>> Subject: Re: Top level question on website migration >>>>>>>> >>>>>>>> On Mon, Jun 27, 2011 at 2:05 PM, Daniel Shahaf < >>>>> [email protected] >>>>>>>> wrote: >>>>>>>> >>>>>>>>> Dave Fisher wrote on Mon, Jun 27, 2011 at 11:54:20 -0700: >>>>>>>>>> On Jun 27, 2011, at 10:55 AM, Alexandro Colorado wrote: >>>>>>>>>>> What about the rest of the questions: >>>>>>>>>>> - Do/Will apache.ooo have SSI (PHP/Python/Ruby/Ruby backend)? >>>>>>>>>> >>>>>>>>>> This is a really good question, but apparently not. I think >>>>> that >>>>>>> there >>>>>>>>>> are plenty of reasons for user support to require a dynamic >>>>> server, >>>>>>>>>> but I think that is a separate discussion. Rob's discussion >>>>> about >>>>>>> user >>>>>>>>>> support ideas and your response has me thinking Open Social. >>>>>>>>>> >>>>>>>>> >>>>>>>>> Server-side includes are supported, eg >>>>>>>>> http://svn.apache.org/repos/asf/subversion/site/publish/ >>>>>>>>> uses them. >>>>>>>>> >>>>>>>>> Dynamic content is not supported. >>>>>>>>> >>>>>>>>> Static content (however generated) is supported. >>>>>>>>> >>>>>>>> >>>>>>>> Is it possible to have some CRUD? >>>>>>> >>>>>>> Subversion is CRUD, and much more. Really you should take advantage >>>>>>> of what the CMS actually offers. >>>>>>> >>>>>> >>>>>> Subversion is NOT CRUD. If I want to add a form to a site, I can't > get >>>>> it >>>>>> connect the data to a datasource in SVN. >>>>> >>>>> The sites are static, but they are generated from a subversion tree. So >>>>> no, >>>>> you can't "connect to svn" from the site. But look at >> www.apache.orgwhich >>>>> has lots of "dynamic" content tho it is also uses the CMS. >>>>> >>>>>> So having a sign up sheet or a >>>>>> locate the closest OOo support center. I can't make that with >>>>> Subversion. >>>>> >>>>> It isn't the point of the main website to provide signup sheets. That's >>>>> something >>>>> a link to a wiki page can provide. Finding the closest OOo support >> center >>>>> is >>>>> something a CGI script can do that has access to read-only data on > disk. >>>>> >>>> >>>> Well I have ran main websites for projects for while, and I have missed >>>> this functionality many times. We also were very frustrated with >> Collbanet >>>> and other structures asking for true dynamic platform. >>> >>> So far the only person I see expressing frustration over the situation is >> you. >>> If there ever comes a time that a sufficient number of OOo committers can >>> demonstrate >>> some ability to maintain and operate a dynamic website that isn't riddled >> with >>> chronic security flaws, infra will be more than happy to setup a >> jail/virtual os >>> for you to use as you see fit. In the meantime I suggest you learn to make > >>> proper >>> use of the CMS. >> >> Joe, thanks for setting the bar. It might be high, but I agree that if we >> (AOOo) >> decides that we need to have a dynamic website as some type of support hub >> that >> we have a big task that requires careful design and implementation. > > ... and periodic software maintenance.
Yes, time to upgrade my Tomcat servers at work. Thanks for the reminder :-) > >> If we had a webapps that sits on Tomcat would that help lower the bar, if >> only >> slightly? > > No, that has nothing to do with it. Either the devs know how to write > web-safe > apps > or they don't. apache.org sites carry a big bullseye on them from a script > kiddie's > standpoint, and the last time we were rooted the exploit vector was an XSS > vuln > in jira. Gotcha. Whatever Web Interface needs to be narrow, well-defined, bullet proof and well tested with a committed team behind it. So, we at AOOo would have to prove we have the community and procedures in place in order to get to this point. Whatever we might do starts on a private site, or in an approved Apache jail. And if so the choices are here, http://www.apache.org/dev/services.html#virtual-servers, correct? Thanks, Dave
