From kde-community Thu Nov 29 08:03:20 2018 From: Ben Cooksley Date: Thu, 29 Nov 2018 08:03:20 +0000 To: kde-community Subject: Re: Discourse Message-Id: X-MARC-Message: https://marc.info/?l=kde-community&m=154347865001417 On Wed, Nov 28, 2018 at 5:25 AM Lays Rodrigues wro= te: > > Let's not go in that way. > As a ~new person~ on KDE, 3 years only, we need to move to a modern web. = At least in my point of view, I really think that using old stuff doesn't a= ttract new people. In that I have a few ideas for some KDE websites go mode= rn, but that is a project for the future. > Discourse is a way to do that. I don't have much idea on how is the cost = to maintain such an application, but in the field to setup it, I don't > think that is hard since we just need docker and Postgres. Before we look into deployment, has an initial evaluation been done to determine how individual communities around specific applications would work with Discourse? Usually these communities only want to look at posts for their specific application, and in some cases we have customisations to support their specific usecases - which our existing forum supports (see https://forum.kde.org/viewforum.php?f=3D276 for instance). Once we're satisfied that's all okay and can accommodate everything we need, we then can look into deployment. At this point we'd: 1) Look into the actual technology stack they use (seems to be Rails based in this case) to make sure there aren't any potential snags there 2) Evaluate what support it has for authentication options (Identity requires LDAP at the moment, but will move to OAuth2 at some point using a custom API) 3) Determine what's needed to import existing data we have 4) Ascertain how best to structure things to make it easy for end-users to work with 5) Investigate what anti-spam options are available and how maintainable any customisations we need to support KDE specific workflows will be At a very quick 15 minute glance, I already have immediate concerns on point 1 of the above. My main one here is the lack of any options for installation other than Docker which makes no sense for a Rails application. Looking into their Docker image installation script I see that they build both Nginx and Imagemagick themselves (and stepping outside of package repositories is generally a bad idea). Imagemagick is of grave concern as this project has had numerous security advisories in the past and I see the version they're using isn't the latest one. I have further concerns for Nginx as they include a third party compression module, Brotli, whose codebase hasn't been touched in 2 years (plus it's a compression method, so you have the risk of CRIME/BREACH attacks) > > So Ben and other sysadmins, > Ben, you had some concerns that others answered on this thread. > What do you think? > > Also, I found this ansible to deploy discourse with and without docker, t= hat can be a starting point: > https://github.com/jamielinux/ansible-discourse > > Let's think about how this can help all the KDE users, and push our commu= nity forward. If we have old stuff that is hard to maintain, and it is outd= ated, we should move forward. > > ** My opinions can be simple, because I think that the situation is simpl= e, also because I may not have a macro view of everything** > > > Cheers, Cheers, Ben > > > > On Mon, Nov 26, 2018 at 7:04 PM Ingo Kl=C3=B6cker wrot= e: >> >> On Montag, 26. November 2018 18:03:55 CET Martin Fl=C3=B6ser wrote: >> > Am 2018-11-26 09:23, schrieb Ilmari Lauhakangas: >> > > The main problem in any case will be getting enough engagement. I >> > > don't think I have ever received a reply from a KDE developer in the >> > > current forums. >> > >> > And that's good! Do you want that developers spend time answering simp= le >> > support questions any other user could answer or do you want developer= s >> > to code? No company would put their expensive developers on the front >> > line for support. >> >> No company would publish their precious IP (aka source code) as Free Sof= tware. >> Luckily, KDE is not a company but a community of people where everybody,= even >> the most precious developers, can be at the front line for support if th= ey >> want to be there. >> >> Regards, >> Ingo > > > > -- > Lays Rodrigues > KDE > Atelier - atelier.kde.org > Fundraising WG > http://lays.space > Telegram: @lays147