Hi Daniel,
Daniel Pocock daniel@pocock.pro writes:
Wordpress is available in Debian, would the packages be suitable for you? The versions are here:
The version does not matter so much as long as it still receives bugfixes. To be quite honest, though, I have had unpleasant experiences with Debian packages of web applications. This was several years ago and may not be accurate anymore, but back then, some of those applications had several changes made to them and that made it hard to find problems because the installation was different from most of the other installations out there.
But aside from that, I am worried about several things in this scenario: 1. An OS update always updates the Wordpress install as well. This may break necessary plugins that are not available in Debian. So that means, the system hackers would always have to check with the blog hackers before performing OS updates. I don't think this is a very good solution. 2. The Debian package does not (or at least did not) support the regular Wordpress update mechanism. That makes perfect sense from an OS package perspective, but it may cause some issues in our case here. (We might need to go through several older WP versions to get to the current one, for example, and the internal update mechanism makes that pretty easy). 3. Also, however fast the security team may be, receiving and applying the bugfix from upstream will always be faster. With publicly facing software that is known for vulnerabilities, I'd rather have updates as fast as possible. This is also pretty easy with the internal update mechanism.
Don't get me wrong, I love Debian and I am not the kind of person to use external repositories all the time or something like that, but for web applications, I tend to go with upstream. That being said, things have not been decided yet and I really appreciate your input. I will keep it in mind during my next round of tests.
I had several sites running on Drupal myself but I found that it becomes tedious dealing with PHP security bugs and such things on a regular basis.
Agreed. That is exactly my experience and the reason for looking for alternatives to Wordpress.
Consequently, I moved many of the sites to a simple static hosting solution using Bootstrap and jekyll
Thank you for mentioning this. I have set up several sites with Jekyll and Bootstrap and I am generally happy with it. There are some more modern systems that I worked with that have some advantages, for instance Pelican and Acrylamid.
However, the problem here is usability. We need to find a way to make the editing process easy for non-technical bloggers. I would imagine some of our users are more interested in the political side of Free Software and may not be hackers themselves. Finding a good solution for them as well has to be our goal. That is going to be one of the biggest issues the team will have to tackle.
Happy hacking! Florian