If you have SSH, it's generally possible to install git if it's not already, and then add everything to a git repository; keeping in mind that - like etckeeper - there are likely e.g. database passwords in said repository.

A little extra CPU utilization during an off-peak time shouldn't be an issue even with shared hosting accounts.

While I started out with e.g. postnuke, Mambo/Joomla, Drupal, etc. way back in the day; in recent times I've found myself leaning toward no database to maintain (no risk of SQLi). Static HTML and pull requests have most of the workflow needs solved without any ongoing maintenance burden. 

There are a number of comment services that handle spam and support moderation. A third party search service can do search with snippets that's way more performant.

In my experience, PHP apps really do need to be regularly upgraded.

https://www.staticgen.com lists quite a few static HTML solutions. Notably, Jekyll is the most popular and is supported by GitHub.

It's also possible to build a dynamic app - where e.g. /admin/ is only available or known to a few users - that's then pressed into static HTML.
Cactus (Django), Django-distill, and Frozen-Flask have a bunch of stars according to staticgen

Such a static site is not quite the same as adding caching in front of e.g. WordPress because there's still SQL and unreviewed plugins. A managed WordPress service should be able to get caching correctly configured with e.g. Varnish, Nginx, HAproxy; and do regular backups.


mm3 supports adding a footer with a link to the relayed message. distutils-sig@ has such a - IMHO far to extensive - footer 

The list admin should be able to upgrade edu-sig@ to mm3 in a jiffy?

On Monday, September 24, 2018, kirby urner <kirby.urner@gmail.com> wrote:

I wanted to followup on this thread as since Aug 30 I've linked to it from several places. 

I've long had a habit of taking advantage what a publicly archived listserv permits:  http linking from elsewhere.
There's a link to a Python repo in the end notes. 

Otherwise I'm mostly just fleshing out a use case vis-a-vis mailman, confirming insights by Wes.

On Thu, Aug 30, 2018 at 3:16 PM Wes Turner <wes.turner@gmail.com> wrote:

TBH, securing and upgrading mailing lists is beyond the competencies of most volunteer-run organizations;
which is one reason that I'd recommend Google Groups or similar for most organisations.

Indeed, my experiences matches. 

The science fiction fantasy I was pursuing at the time, in my role, was that my religious sect in particular (for which I was wearing an IT hat) would eventually embrace IT expertise as one of its trademarks, a kind of branding maneuver.  So sects are known for their chocolates and cheese.  We'd stand out for our IT expertise.

I was challenging my peers to "geek out" as we say.  Some rose to the occasion.  I wasn't the only IT type on the listserv (one of Google's).

BTW I haven't given up on any of that investment in a higher tech look and feel, even though my personal tour of duty in that specific role ended quite a long time ago.  That gig, as a Clerk of IT for my region, was a growth experience. 

I also continue fantasize about future meeting facilities in a high rise (as in "skyscraper"), for example some 47th floor facility in Singapore would be no contradiction in terms, not a culture clash.  I picture a serene scene, perhaps with LCDs in the social area, sometimes cycling through pictures of those more iconic meetinghouses of the hallmark sort, many of them wood-heated and by this time fairly dilapidated.[1]
In my experience, ISPs offer GUI installers for various app on shared hosting platforms, but upgrades aren't managed in the same GUI; which requires a volunteer to keep the apps upgraded with at least security updates.

Exactly right. 

I'm on Godaddy myself and find Wordpress nags me and upgrades in place through its own GUI, but that's the exception, and is ironically the most infested with stuff. 

I had to SSH in and manually vim stuff out and vacuum tons of garbage directories -- I've not been a great janitor over the years (this was grunch.net). The website had essays and links I'd never put there, mostly tucked away unobtrusively so as not to attract my attention.

Other upgrades, outside of Wordpress would require that I SSH in.  At NPYM, we had no shell access that I recall, but my memory dims. 

To this day we make intensive use of Drupal -- but the security patch process was hardly intuitive (I wasn't handling it myself). 

Our PHP was falling behind, version-wise. 

In other words, we already had an inhouse-written and maintained PHP + MySQL database.  Geeks R Us.

I was able to test run SQL from a command line, thanks to help from Marty, and was suggesting we migrate these skills through the Secretary's office.  Those proposals remain on file.  I wrote a new prototype of our database in Python.[2]

[1]  https://youtu.be/PhsvqbCIaAs  (opening 5 seconds show iconic meetinghouse, the rest being a music video recording of religious doctrines)