[SAC] [Board] Several old FOSS4G sites no longer online?

Alex Mandel tech_dev at wildintellect.com
Thu Apr 24 14:16:58 PDT 2014


Yes, there was just a minor detail missing from that. Perpetually
keeping old dynamic language sites running is hazardous, they need to be
converted to static sites for proper archiving. It's only recently that
we really thought this out.

Once we get the figure out how to do it, shouldn't be too hard to do a
few months after each conf.

Thanks,
Alex

On 04/24/2014 01:44 PM, Peter Batty wrote:
> I'm not familiar with the specifics of this particular security issue, but
> at the time we did the Denver conference the web site policy as I
> understood it for FOSS4G was that we were strongly encouraged to host the
> web site on the OSGeo servers, with the idea that it could just continue to
> live there after the conference - or if the original site was hosted
> elsewhere then it should be archived to the OSGeo servers afterwards.
> 
> 
> On Thu, Apr 24, 2014 at 3:20 PM, Alex Mandel <tech_dev at wildintellect.com>wrote:
> 
>> Yup, just waiting on a volunteer to either:
>> 1. patch the old php sites (upgrade ocs or whatever else the sites run on)
>> OR
>> 2. run something like httrack over the sites to convert into static
>>
>> Option 2 is probably easier, and safer long term. I think Eli was
>> interested in this, we just need to re-enable the sites over localhost
>> on the server and try it out.
>>
>> More volunteers are welcome.
>>
>> Turning them on as is, not really and option, we disabled them after
>> discovering suspicious behavior of the php executables.
>>
>> FYI, it should be the stated practice in the FOSS4G organizing notes to
>> plan and archive the site after a conference finishes, so that we don't
>> run into this issue down the line. OSGeo is happy to hold the archives
>> (in Static form) of the sites even if they had been hosted elsewhere
>> when originally made.
>>
>> Thanks,
>> Alex
>>
>> On 04/24/2014 12:09 PM, Frank Warmerdam wrote:
>>> Peter,
>>>
>>> I believe Martin disabled them because he was concerned they were
>> potential
>>> security problems (due to use of PHP or something), and no one has taken
>>> the time to investigate and secure them.  I also find them to be useful
>>> resources, and digging a presentation of mine off an old conference site
>>> saved my bacon in Notthingham!
>>>
>>> If it is possible to turn the site(s) into easily served static HTML that
>>> would make it easier to host them.  We could also potentially decide to
>>> risk whatever the issue was but I'm not sure how to get to that decision.
>>>
>>> Best regards,
>>> Frank
>>>
>>>
>>>
>>> On Thu, Apr 24, 2014 at 11:57 AM, Peter Batty <peter.batty at gmail.com>
>> wrote:
>>>
>>>> Hi all,
>>>>
>>>> I was looking for the Denver FOSS4G web site online at 2011.foss4g.org,
>>>> and it no longer appears to be there, together with some of the other
>>>> archived sites. 2007 and 2009 show up, but not 2008, 2010 or 2011.
>>>>
>>>> I think these are really useful resources for various purposes. I don't
>>>> know if they were taken down intentionally or accidentally, but I think
>> it
>>>> would be good if they could be restored (I believe all the missing ones
>>>> were hosted on OSGeo servers).
>>>>
>>>> Any thoughts on how to get them back?
>>>>
>>>> Cheers,
>>>>     Peter.
>>>>
>>>> _______________________________________________
>>>> Board mailing list
>>>> Board at lists.osgeo.org
>>>> http://lists.osgeo.org/mailman/listinfo/board
>>>>
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Sac mailing list
>>> Sac at lists.osgeo.org
>>> http://lists.osgeo.org/mailman/listinfo/sac
>>>
>>
>>
> 



More information about the Sac mailing list