Re: [tlug] Dealing with software with wide attack surface

[Christian Horn <chorn@example.com>]

On Sun, Aug 29, 2021 at 12:50:42AM +0900, Stephen J. Turnbull wrote:
> Christian Horn writes:
> 
>  > I'm in the market for alternatives, and looked at 2 of them:
>  > https://pixelfed.org/ and https://github.com/LycheeOrg/Lychee .
>  > Especially Lychee seems good, I like the style of presentation
>  > more than what fgallery (from 2016, no longer developed) does.
> 
> I guess the question is how frequently Lychee is releasing and/or
> patching, and how much they participate in upstream maintenance.  If
> they're a small project cobbled together from 113 other small
> projects, yeech.

My first try with the current Lychee release did not go well:
"importing" a directory with pictures failed for most pictures,
without detailed reason in the gui or php logs.  
I could revisit that now though, I have afterwards seen where 
Lychee keeps an app level.


>  > Since years I use scripts/software to make images available over
>  > the internet.
> 
> That's not very much to go on.  If it's just a browsable archive of
> *your* images, you can just shut off everything except GETs of images
> that exist, and maybe allow thumbnails.  Push everything else into the
> Javascript on the browser, and it's Someone Else's Problem.  But I
> doubt that's what you mean.  If you're running a private
> Instagram-like social network that would be an entirely different
> worry.

Just meant for hosting my own images, not a widely service.



> What else is on the host that you're worried about?  Maybe Lychee
> would be the least of your worries. (^^;

Valid point (won't list them here).

Chris