[Consortium] Goto10 and Puredyne

Robin Gareus robin at linuxaudio.org
Tue Apr 12 11:46:36 UTC 2016


On 04/12/2016 05:40 AM, Ivica Bukvic wrote:
> What we do need to be careful about is implementing
> frameworks 

+1

The idea is to not use any framework.
Pelican [1] is a tool that generates static HTML from markdown (or
reStructuredText). There's nothing to crack.

David got the ball rolling [2], also see his email to LAU.

> With that in mind,
> we need to check what kinds of security concerns pelican framework may have
> and whether those can be autopatched--please keep me posted as things
> develop.

see above. The site is generated (usually locally) by the one who edits
it then copied (usually rsync over ssh) to the server.

Given how rarely the site is updated, there are currently no plans to
automate re-generate the HTML automatically.  But monitoring or hooking
into git and running pelican on the server to generate the HTML is  safe
as long as access to the git repo holding the actual content is.

long story short: As long as ssh is safe, we're good.

best,
robin

[1] http://blog.getpelican.com/
[2] https://github.com/linuxaudio



More information about the Consortium mailing list