
Re: blog.debian.org - technical planning


On Sun, Nov 07, 2010 at 06:07:02PM +0100, Stefano Zacchiroli wrote:
> The best way forward is to provide a list of requirements and find the software
> which best matches it. AFAICT thus far we have:
> - decent security track record

Actually, wordpress has had a very good track record in the last 2 years =) It is true
they had a lot of vulnerabilities during 2007/8 but my impression is that this was due
to the big rise in the popularity of wordpress, which led to a lot of eyes
looking (good!).
You also have to make a difference between the security bugs in wordpress
and the security bugs in wordpress plugins that are totally optional.

Most of the problems people have with wordpress are due to:
- very outdated installation
- third party plugins of bad quality and/or outdated.
- they blogged from an open network and their password was intercepted.
(wordpress default installation does not tell you to use https, although
they have documentation about how to do it)

Then, you have all this stuff happening with any blogging system if it is not
properly maintained.

I am sure there will be more security problems in the future with wordpress,
but then the wordpress development team is also known for publishing timely updates
and having a lot of experience in handling security bugs (hey, they learned during
the bad years mentioned earlier :))

> - support for common blogging features (comment, ping/trackback, …)

No need to say wordpress has a strong focus on that.

> - some way of having guest post authors (I dream of a CMS-like workflow
>   where every DD can submit a blog post for review/publication)

It is very easy to have a contributor account with a DD-known password.  The
contributor accounts can write posts, do a preview of the post, but not
When you write a post, there is already a custom field in news.d.n named
'contributed by' that adds the blurb in the bottom of the post:
'Post contributed by XXX.'

> - someone willing to administer it :)

That's me! It is something I am *already* doing.

> - accepted by DSA

I can not answer this. But it does not need to be installed in a
DSA-administered machine. (Note: I would not like taking this path,
but the alternative exists).

> I consider the above set of requirements more than reasonable.
> At present, the only volunteer I'm aware of as admin is Ana. So,
> trusting your security judgement which is surely more informed than mine,
> we should ask whether Ana would be fine with MovableType.

Even if MovableType has all the stuff wordpress has, no, I am not willing
to use MovableType because I am fully happy with wordpress.

