On Sun, Mar 18, 2012 at 8:09 PM, Daxter <xovat...@gmail.com> wrote: > On Mar 18, 2012, at 8:04 PM, Leah Hicks wrote: > > I have done my research, although I have to admit wordpress is not > perfect. If it is *really* that big of an issue then we will simply not > use it. And yes I'm aware of the current implementation however it uses > javascript which will not run if users have javascript disabled. If someone > can find a workaround for that I'm golden. > > The problem with any CMS is that if/when Freenet gets a lot of publicity > (e.g. something was leaked via Freenet) then it will undoubtedly be under > attack. Allowing dynamic content at all is asking for trouble. I think it's > best to keep the main site static, generated beforehand with a templating > engine--my favorite being HAML (http://haml-lang.com). >
I think ruling out any dynamic content for security reasons is excessive, there are plenty of secure dynamic websites. That being said, Wordpress does have a history of vulnerabilities, my person blog has been hacked twice due to vulnerabilities in Wordpress, although not in the last 2 years. I've heard from various people that Wordpress' source code is a total mess, and they have a caviler attitude towards security holes (basically their attitude is that if you don't upgrade the minute we release a new version it's your own fault if you get hacked). Getting hacked would be far more damaging for us than most projects given that people download and install software from our site. So I agree with the reluctance about using Wordpress, but it's going to far to rule out any dynamic content. This isn't 1996. Ian. -- Ian Clarke Founder, The Freenet Project Email: i...@freenetproject.org
_______________________________________________ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
