[Board] [SAC] Several old FOSS4G sites no longer online?

Peter Batty peter.batty at gmail.com
Thu Apr 24 13:44:55 PDT 2014


I'm not familiar with the specifics of this particular security issue, but
at the time we did the Denver conference the web site policy as I
understood it for FOSS4G was that we were strongly encouraged to host the
web site on the OSGeo servers, with the idea that it could just continue to
live there after the conference - or if the original site was hosted
elsewhere then it should be archived to the OSGeo servers afterwards.


On Thu, Apr 24, 2014 at 3:20 PM, Alex Mandel <tech_dev at wildintellect.com>wrote:

> Yup, just waiting on a volunteer to either:
> 1. patch the old php sites (upgrade ocs or whatever else the sites run on)
> OR
> 2. run something like httrack over the sites to convert into static
>
> Option 2 is probably easier, and safer long term. I think Eli was
> interested in this, we just need to re-enable the sites over localhost
> on the server and try it out.
>
> More volunteers are welcome.
>
> Turning them on as is, not really and option, we disabled them after
> discovering suspicious behavior of the php executables.
>
> FYI, it should be the stated practice in the FOSS4G organizing notes to
> plan and archive the site after a conference finishes, so that we don't
> run into this issue down the line. OSGeo is happy to hold the archives
> (in Static form) of the sites even if they had been hosted elsewhere
> when originally made.
>
> Thanks,
> Alex
>
> On 04/24/2014 12:09 PM, Frank Warmerdam wrote:
> > Peter,
> >
> > I believe Martin disabled them because he was concerned they were
> potential
> > security problems (due to use of PHP or something), and no one has taken
> > the time to investigate and secure them.  I also find them to be useful
> > resources, and digging a presentation of mine off an old conference site
> > saved my bacon in Notthingham!
> >
> > If it is possible to turn the site(s) into easily served static HTML that
> > would make it easier to host them.  We could also potentially decide to
> > risk whatever the issue was but I'm not sure how to get to that decision.
> >
> > Best regards,
> > Frank
> >
> >
> >
> > On Thu, Apr 24, 2014 at 11:57 AM, Peter Batty <peter.batty at gmail.com>
> wrote:
> >
> >> Hi all,
> >>
> >> I was looking for the Denver FOSS4G web site online at 2011.foss4g.org,
> >> and it no longer appears to be there, together with some of the other
> >> archived sites. 2007 and 2009 show up, but not 2008, 2010 or 2011.
> >>
> >> I think these are really useful resources for various purposes. I don't
> >> know if they were taken down intentionally or accidentally, but I think
> it
> >> would be good if they could be restored (I believe all the missing ones
> >> were hosted on OSGeo servers).
> >>
> >> Any thoughts on how to get them back?
> >>
> >> Cheers,
> >>     Peter.
> >>
> >> _______________________________________________
> >> Board mailing list
> >> Board at lists.osgeo.org
> >> http://lists.osgeo.org/mailman/listinfo/board
> >>
> >
> >
> >
> >
> >
> > _______________________________________________
> > Sac mailing list
> > Sac at lists.osgeo.org
> > http://lists.osgeo.org/mailman/listinfo/sac
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/board/attachments/20140424/055fc570/attachment.html>


More information about the Board mailing list