On 21 March 2016 at 15:07, Henne Vogelsang
Hey,
On 21.03.2016 14:48, Richard Brown wrote:
On 21 March 2016 at 12:33, Henne Vogelsang
wrote: On 20.03.2016 14:46, Richard Brown wrote:
- News.o.o: 1) Wordpress consumes too many resources and poses too many security risks
Can you elaborate on how you came to this conclusion?
Our infrastructure admins
I understood from your other mails that this is where it comes from. Can you also elaborate on the details please?
Our infrastructure team has lots of stuff to do, lots of our services to look after, lots of databases to power them That is lots of instances of apache, php, wordpress, and $insert_db_name_here to patch, manage, secure, fix, tidy up, etc This is further complicated when stuff like our wordpress instances include custom themes and bolted together hacks and plugins that were desperately important to someone somewhen, but now many years later no one has any idea who wanted it or why, but the presence of those themes and plugins make the maintenance and upgrade of those systems more painful, if not block them outright To quote one of our discussions this weekend, while keeping the service in question strictly anonymous "the only reason we haven't been hacked yet is probably because it's so old that any exploits would expect a more recent version" This is not a sustainable situation. Our infrastructure team have lobbied, for several years now, to encourage the openSUSE Project to reduce it's footprint where possible, remove services that are not being used, and lean towards technologies which are lightweight and more easy to secure and maintain, so they can focus their time and efforts where they're needed The Board is doing what it can to help with that, hence the efforts to retire lizards and replace news.opensuse.org with something easier for us Regards, Richard -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org