Re: Bug#672695: wordpress: no sane way for security updates in stable releases

[Toni Mueller <toni@debian.org>]

On Sun, May 13, 2012 at 09:56:17AM -0700, Russ Allbery wrote:
> packaging and security issues and is because we need N independent
> installations per server for different groups that can vary separately and

That's one reason why packaged versions of web apps are quite often
useless at my workplace, too.

> We're finding it very hard to use the packaged versions of large web
> application frameworks for a variety of reasons.  One of the big ones is
> that web developers seem to expect a very fast upgrade cycle that's hard

The requirement for fast upgrade cycles partly stems from the huge
attack surface that Internet-facing web apps have. It also stems from
the generally short turnaround times for new releases of software and
applications built on top of said web apps, as users keep demanding more
and newer features.

> to support in Debian; another is that it is really helpful for web
> applications to be able to give an entirely independent installation to
> each major site rather than trying to share the same code.  For another

Ack. That's also one factor driving the demand for virtual servers (xen,
kvm, you-name-it).


Just my 0.02 cents...


Kind regards,
--Toni++