Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Such a solution presents a bit of a challenge though, given that you'd be 1) broadcasting a security issue, and 2) possibly compounding it by presenting your audience with some really disagreeable news.

I can at least see why they'd hesitate to leave things up, depending on the anticipated risk and likelihood of addressing it in reasonable time.

Edit: Downvote if it makes you feel better, but this is really how groups execute on problems like this without taking time away from other important projects. "Security issue? Extensive fixes needed? Take it down!"



"We're going to shut down the wiki starting xx/xx."

Don't need to explain, don't need to make a fuss - just announce and move on.


Doesn't that also just open up a lot more community feedback/pushback? I'm thinking somebody saw it coming in any case and made the call.


Hackernews is shutting down in 45 seconds. Please save the pages of any bookmarks now


About as much as we have right now. The difference is people can at least make backups of the content they need.


Can’t you just lock the system down and isolate it enough so the security vulnerability is a non-issue? Certainly there’s an ops solution to things like this.


wget or other site rippers can just make static content out of it. You can write a script to put a notice/header at the top and host it on nginx .. or an S3 bucket.


I do not think your comment deserved to be down voted. That may have very well been their line of thought.

But I also think loktarogar provided a better solution.

And that is what a discussion forum is for.


They could provide a the public or a trusted third-party with a database dump, or put it on a separate hosting service. With a bit of effort either course would relieve them of security concerns




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: