[cobalt-developers] RaQ2 - Alternatives, Secure admin UI, Porting special sauce to Slackware

["David Sutherland" <dave@xxxxxxx>]

I picked up this RAQ for purposes of beginning a small web host provider.
We're doing fine, and the server seems to be much more reliable than other
implementations I've tried, but as I go through the system more and more I
find bugs, holes, and now I read about the security problem with siteadmin.

I'm used to almost every aspect of slackware and I can get a slack distro up
and running in a short while, but my raq2 is in Atlanta and I'm in Northern
Michigan - how does one go about doing a live overhaul?  Anyone with this
talent or introspect - I'd appreciate some input tossed in this direction.
:)

My only concern really is, if I do get some other OS and implementation
installed, how do I give the users some means of managing their sites?  Is
it practical and functional, mostly secure enough, to use the special sauce
scripts and code with a new interface and possibly front end to manage the
security of those scripts?  Could I run some sort of wrapper over the admin
scripts?  The entire idea of those scripts themselves running as root w/what
seems evidently out of control functions makes me wildly annoyed.

Frankly, I feel insulted by Cobalt.  I know issues arrise, but I have
trusted a corporation to provide me with a secure, publically accessible
web, email, and ftp server.  I'm finding that the system is far beyond
proprietary in design, insecure, nonextensible, and buggy.

Are there third party updates available?  Does anyone want to consider
developing updates for cobalt as a third party?  I'd like to take care of
this for my own sake, and the rest of those who have yet to discover such
bugs.  Cobalt has things going on, and I really hope they consider these
issues to be some of them.

Sincerely,

David B. Sutherland