Introducing our new blog team

Florian Snow floriansnow at fsfe.org
Thu May 19 05:52:18 UTC 2016


Hi Daniel,


Daniel Pocock <daniel at pocock.pro> writes:
> WordPress is available in Debian, would the packages be suitable for
> you? The versions are here:

The version does not matter so much as long as it still receives
bugfixes.  To be quite honest, though, I have had unpleasant experiences
with Debian packages of web applications.  This was several years ago
and may not be accurate anymore, but back then, some of those
applications had several changes made to them and that made it hard to
find problems because the installation was different from most of the
other installations out there.

But aside from that, I am worried about several things in this scenario:
1. An OS update always updates the WordPress install as well.  This
   may break necessary plugins that are not available in Debian.  So
   that means, the system hackers would always have to check with the
   blog hackers before performing OS updates.  I don't think this is a
   very good solution.
2. The Debian package does not (or at least did not) support the regular
   WordPress update mechanism.  That makes perfect sense from an OS
   package perspective, but it may cause some issues in our case
   here. (We might need to go through several older WP versions to get
   to the current one, for example, and the internal update mechanism
   makes that pretty easy).
3. Also, however fast the security team may be, receiving and applying
   the bugfix from upstream will always be faster.  With publicly
   facing software that is known for vulnerabilities, I'd rather have
   updates as fast as possible.  This is also pretty easy with the
   internal update mechanism.

Don't get me wrong, I love Debian and I am not the kind of person to use
external repositories all the time or something like that, but for web
applications, I tend to go with upstream.  That being said, things have
not been decided yet and I really appreciate your input.  I will keep it
in mind during my next round of tests.


> I had several sites running on Drupal myself but I found that it becomes
> tedious dealing with PHP security bugs and such things on a regular
> basis.

Agreed.  That is exactly my experience and the reason for looking for
alternatives to WordPress.


> Consequently, I moved many of the sites to a simple static hosting
> solution using Bootstrap and Jekyll

Thank you for mentioning this.  I have set up several sites with Jekyll
and Bootstrap and I am generally happy with it.  There are some more
modern systems that I worked with that have some advantages, for
instance Pelican and Acrylamid.

However, the problem here is usability.  We need to find a way to make
the editing process easy for non-technical bloggers.  I would imagine
some of our users are more interested in the political side of Free
Software and may not be hackers themselves.  Finding a good solution for
them as well has to be our goal.  That is going to be one of the biggest
issues the team will have to tackle.

Happy hacking!
Florian


