* Michael Tänzer <NEOatNHNG at users.sourceforge.net> [2008-05-08 17:41:55]:

> Florent Daignière wrote:
> > * Michael Tänzer <NEOatNHNG at users.sourceforge.net> [2008-05-08 05:04:07]:
> > 
> >> In the last few weeks I've done some work on the website. While
> >> translating it, there were some things that struck me so I changed them.
> >> But our site is still far from perfect. It lacks an attractive design and
> >> some features that would be quite handy (e.g. select the language by
> >> hand, RSS-Feeds, a search) but are a little bit difficult to implement
> >> (at least if we want to do it in a safe and efficient way) or at least I
> >> don't have the time and skills to do it.
> > 
> > Select language by hand is trivial to implement and we can delegate the search
> > to google so that's trivial too... okay RSS would require some work
> > 
> 
> I know it's not that hard to do but someone actually has to do it.

No one has bothered; that's why it hasn't been done.

[snip.]

> > At the moment we are using mantis as a BTS, Wikka as a wiki-engine, a
> > home-made website and *loads* of custom scripting for almost
> > everything... How do you plan to migrate existing content?
> > 
> 
> The fully custom made site is one of the problems, as we are not experts
> in some of the things we did. I saw that you fixed some security issues
> in our php code today, some issues that dealt with character escaping
> and such things.

The broken code wasn't mine! I have already fixed the exact same bug 3
years ago and someone reintroduced it since then!

We should really have regression tests; even for the website.

> I'm no PHP expert but I think these are things which
> are obvious to a professional php-developer but can completely break our
> security, which means if some <put your favourite intelligence agency
> here> guy used this issue to hack into our server and replace the
> binaries we provide, then this could be rather dangerous for our users.
> 

I'm not a fan of security by obscurity but let's face it: we have fixed
only a few security related bugs in the last few years... Drupal had many
more (and that's logical given that it's a gas plant compared to our
requirements). Their last release was on the 9th of April and guess
what? It's a security bugfix!

> What I want to say: If you're not absolutely sure about what you're
> doing, leave it to the pros, they know how to deal with it, and we can
> concentrate on what we do best: provide our users with tools to give
> them true freedom of speech.
> 

Go on with that logic... and we end up being dependent on a 3rd party
entity. We left SourceForge because their service wasn't up to our
expectations anymore and at the time there was no good alternative.

> It's probably not possible to migrate in two days but it seems that now
> is a good point to start the process, as Ian mentioned he wanted to
> change the website significantly (this also includes the texts). We
> probably should migrate in a soft way and try it in a test environment
> first. The Website would be a good point to start with because it has
> not so much content on it. The other things could be done step by step,
> or never if we want to keep them (e.g. I'm not quite convinced about
> Drupal's bug tracker, but there are definitely better wiki engines than
> wikkawiki).

I don't share your views here. Either we switch to a CMS and use it for
everything or we don't.

There are good and bad reasons to switch to a CMS: I don't think that
security is a good one. As you've highlighted, our website doesn't
evolve much and has a long history; that's why it's pretty secure
overall. On the other hand, integration of services into the CMS
is a good reason to make the switch. Find a CMS which has a good
integration with mantis or can import its tickets and then we can
consider a migration seriously. If it was up to me, we would use Trac
and only Trac (for the website, wiki and bug-tracker).

A few weeks ago someone asked me to set a blog engine up (Wordpress), I
did and so far no one used it... We obviously don't want the same thing
to happen with a Drupal, do we?