Mailinglist Archive: opensuse-project (134 mails)

< Previous Next >
Re: [opensuse-project] openSUSE Board Face-to-Face Meeting 2016 Minutes - Part 3/3
On 21 March 2016 at 15:07, Henne Vogelsang <hvogel@xxxxxxxxxxxx> wrote:
Hey,

On 21.03.2016 14:48, Richard Brown wrote:

On 21 March 2016 at 12:33, Henne Vogelsang <hvogel@xxxxxxxxxxxx> wrote:

On 20.03.2016 14:46, Richard Brown wrote:

- News.o.o:
1) Wordpress consumes too many resources and poses too many
security risks


Can you elaborate on how you came to this conclusion?


Our infrastructure admins


I understood from your other mails that this is where it comes from. Can you
also elaborate on the details please?

Our infrastructure team has lots of stuff to do, lots of our services
to look after, lots of databases to power them

That is lots of instances of apache, php, wordpress, and
$insert_db_name_here to patch, manage, secure, fix, tidy up, etc

This is further complicated when stuff like our wordpress instances
include custom themes and bolted together hacks and plugins that were
desperately important to someone somewhen, but now many years later no
one has any idea who wanted it or why, but the presence of those
themes and plugins make the maintenance and upgrade of those systems
more painful, if not block them outright

To quote one of our discussions this weekend, while keeping the
service in question strictly anonymous

"the only reason we haven't been hacked yet is probably because it's
so old that any exploits would expect a more recent version"

This is not a sustainable situation.

Our infrastructure team have lobbied, for several years now, to
encourage the openSUSE Project to reduce it's footprint where
possible, remove services that are not being used, and lean towards
technologies which are lightweight and more easy to secure and
maintain, so they can focus their time and efforts where they're
needed

The Board is doing what it can to help with that, hence the efforts to
retire lizards and replace news.opensuse.org with something easier for
us

Regards,

Richard
--
To unsubscribe, e-mail: opensuse-project+unsubscribe@xxxxxxxxxxxx
To contact the owner, email: opensuse-project+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups