Re: Bug#672695: wordpress: no sane way for security updates in stable releases

[Russell Coker <russell@coker.com.au>]

On Sun, 13 May 2012, Bernd Zeimetz <bernd@bzed.de> wrote:
> Being forced to upgrade to a new major version by a stable security support
> is nothing we should force our users to. Debian stable is known for
> (usually) painfree updates and bugfixes only, not for shipping completely
> new versions with a forced migration. Therefore - in my opinion - we
> should not ship wordpress in Wheezy, at least not until upstream handles
> such issues in a sane way.

Forcing users to manually install and update it or to use a package from 
outside Debian are also options that aren't good for users.

deb http://www.coker.com.au squeeze wordpress

I run my own repository of Wordpress packages at the above APT source.  That 
includes some Wordpress plugins that are licensed suitably for Debian but 
which have the same update issue.

One thing about Wordpress and it's plugins and themes is that you have to 
assume that every new release fixes some security issues.  They just don't 
document things well enough to allow you to assume otherwise.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/