[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-hackers] Re: A request for the website on behalf of the GNU pr
From: |
linas |
Subject: |
[Savannah-hackers] Re: A request for the website on behalf of the GNU project |
Date: |
Sat, 3 Mar 2001 20:39:20 -0600 (CST) |
It's been rumoured that Bradley M. Kuhn said:
>
> :( That's too bad. It'd be cool if GNUcash was now hosted.
OK, Lets start with an ftp site mirror, and a website mirror.
Do you have a written policy? e.g.:
Practical matters:
-- who do I ask for an acount/password?
-- what should the directory structure be?
-- how do I get usage/hit/download statistics?
-- do you have recommended rsync proceedures and scripts?
Policy:
-- Do you host precompiled binaries? In the past, FSF has been reticent
about doing this.
-- Style: Can I keep my web pages in whatever style, or are there style
guidelines? Are banner ads allowed? Are other marketing come-ons
and plugs allowed?
Security issues:
-- Should we md5/gpg sign all our soruces and binaies? I beleive we
should, but do you have any particular recommendations?
(I'm particularly nervous because I don't want to wake up someday
and read on slashdot about how some trojan horse in gnucash has been
e-mailing credit-card numbers to wherever).
-- what's the best (automated?) way I can assure that some hacker hasn't
busted into your site & altered the binaries (or source)? Do you
have any recommended scripts for rsync+md5 checking?
> > 2) Surveys. I want to create a user survey ('what new features..etc.) I
> > think I finally found some good s/w for that, but its sql-backended and
> > I'm paranoid about administering the security aspects of that. Thus, if
> > fsf provided that, I might actually realy really consider it.
>
> Perhaps you could work with Loic and the other savannah-hackers to get this
> software set up on savannah. Perhaps they could check the security issues,
> too?
>
> savannah-hackers: are you willing?
>
I've been playing with PHPesp (espPHP?) as a survey tool. It seems to
provide a good infrastructure for creating and managing surveys &
reviewing the statistics. But I have not at all figured out if it has
security holes in it, or other risks I should be aware of.
--linas