savannah-hackers
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Savannah-hackers] Re: A request for the website on behalf of the GNU pr

From: linas
Subject: [Savannah-hackers] Re: A request for the website on behalf of the GNU project
Date: Sat, 3 Mar 2001 20:39:20 -0600 (CST) 
It's been rumoured that Bradley M. Kuhn said:
> 
> :(  That's too bad.  It'd be cool if GNUcash was now hosted.

OK, Lets start with an ftp site mirror, and a website mirror.

Do you have a written policy? e.g.:

Practical matters:
-- who do I ask for an acount/password?
-- what should the directory structure be?
-- how do I get usage/hit/download statistics?
-- do you have recommended rsync proceedures and scripts?

Policy:
-- Do you host precompiled binaries?  In the past, FSF has been reticent
   about doing this.
-- Style: Can I keep my web pages in whatever style, or are there style
   guidelines?  Are banner ads allowed?  Are other marketing come-ons
   and plugs allowed?

Security issues:
-- Should we md5/gpg sign all our soruces and binaies? I beleive we
   should, but do you have any particular recommendations?
   (I'm particularly nervous because I don't want to wake up someday
   and read on slashdot about how some trojan horse in gnucash has been
   e-mailing credit-card numbers to wherever).
-- what's the best (automated?) way I can assure that some hacker hasn't 
   busted into your site & altered the binaries (or source)?  Do you
   have any recommended scripts for rsync+md5 checking?

> > 2) Surveys. I want to create a user survey ('what new features..etc.)  I
> > think I finally found some good s/w for that, but its sql-backended and
> > I'm paranoid about administering the security aspects of that.  Thus, if
> > fsf provided that, I might actually realy really consider it.
> 
> Perhaps you could work with Loic and the other savannah-hackers to get this
> software set up on savannah.  Perhaps they could check the security issues,
> too?
> 
> savannah-hackers: are you willing?
> 

I've been playing with PHPesp (espPHP?) as a survey tool.  It seems to
provide a good infrastructure for creating and managing surveys &
reviewing the statistics.   But I have not at all figured out if it has
security holes in it, or other risks I should be aware of.

--linas
reply via email to
[Prev in Thread] Current Thread [Next in Thread]