[Actionchix] Delay in decision making

[jennyw]

Hi, Mary,

Thanks for keeping us up to date.

Mary Gardiner wrote:
>  - by Tuesday 11th July I'm going to have looked at Chris and Amy's
>    information architecture document and any further work on the wiki.
>    Assuming that it is basically together, and I assume it is, I will
>    ask Dancer to set up Plone on the new webserver and begin requesting
>    volunteers to move content. (Probably the old site, with the
>    exception of the news, will be set read-only.)
>   

Is Dancer the only one to be involved in setting up software on the new
server? I did setup Plone for testing for us and I wrote up some notes
on the install.  Gloria has a bunch of experience with Zope, also. I'm
not saying that one of should do it instead of Dancer, but to let you
know that other resources are available for this sort of thing; it's
sometimes hard to figure out how to offer to help (for example, there
was very little feedback on the initial Plone install and many other
things that have been done so far).

It would also be nice to get some chix involved with the sysadmin duties
of the site (is it just Dancer now or do we have other sysadmins, too?).
Towards this end, I earlier suggested  that for the next install we'd do
a shared screen session so several people could learn from the process.
A couple people said they'd be interested in participating in something
like this.

By the way, on the subject of installing Plone, I noticed that the HTTP
headers for the current site indicate that we're running ZServer
directly. These headers might not reflect reality, of course, but if
they are I'd suggest installing Apache or something else in front of
ZServer. I've heard that ZServer has some issues handling malformed HTTP
requests (like susceptibility to DOS attacks)[1]. Also, using a proxy
would make it easier to integrate other systems.

Jen

[1]: http://docs.neuroinf.de/PloneBook/ch10.rst :

        > Although Plone uses Zope's underlying Web server, ZServer
works just    
        > fine -- it's not a complete, industry-strength Web server that
        > should be exposed to the world. The server has several issues
regarding
        > possible Denial of Service (DOS) attacks; however, these are
obscure and
        > hard-to-find items within ZServer. No known attacks have been
performed
        > against ZServer that exploit these issues, but perhaps this is
because
        > of its relative obscurity in the real world. ZServer isn't
specifically
        > designed to be an industry-strength server, and since it's feature
        > complete, it's no longer being developed. By keeping a server
such as
        > Apache up-to-date, you're ensuring that a robust secure server
is facing
        > the world. Of course, if you're developing an intranet or other
        > application with trusted users, this may not be an issue.