From: Hilmar L. <hl...@ne...> - 2014-10-23 16:14:26
|
On 10/23/14, 5:19 AM, Rutger Vos wrote: > - the content, i.e. editing and reviewing submissions (presumably, they > have nothing to do with that) Congruent with NESCent hosting. > - the code, i.e. bug fixes and feature additions (again, they don't plan > to do anything with that) Mostly ditto. However, TreeBASE still stores passwords in the clear, which is a major security flaw and vulnerability. There may be others waiting to be discovered. The code, to the extent I know, has never been security-audited. There is currently apparently zero funding for code maintenance, and so time will only reveal more security issues, not less, including issues caused by reliance on end-of-support versions of Java, Tomcat, etc. > - testing, i.e. do bug fixes and enhancements work as intended on the > staging server (presumably this is shared, e.g. they deploy, others test & > verify) Congruent with NESCent hosting, except that we redeploy staging and testing automatically upon commits. > - system/db administration, i.e. checking performance and tuning it (to > the extent that this doesn't involve code modifications they would do this) Again, this would be congruent with NESCent hosting. -hilmar -- Hilmar Lapp -:- informatics.nescent.org/wiki -:- lappland.io |