[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security support for CMSes

On Sun, Oct 07, 2012 at 09:02:23AM -0400, Wolf Halton wrote:
> I am sorry to hear your site was cracked. I run Drupal on Debian as well.
> The fundamental flaw here is the lag time between drupal update and
> packaging on debian. I run drupal 7 for new sites. Installs are not the
> simplest things in the world, but it comes in handy in an ongoing fashion
> to have done the work. That way you are sure of your database user and pass
> as well as exact location of files.
> As an engineer, you reasonably want to make the process as simple as
> possible but no simpler. Packages with public web interfaces like drupal
> take more care and feeding than any other kind of package I can think of.
> It is not a Debian issue. Any Linux packager would have a hard time keeping
> up with a community-maintained monster like drupal. Even if you are running
> Sid, not suggested for production environment, there is too much lag to
> trust package maintainers to do the updates for you.
> 
If this is true, then I have to wonder what is the point of having a
Debian package for Drupal at all.  I always figured that there was a
benefit in using a Debian-packaged version of software like Drupal,
MediaWiki, Wordpress, etc. because I wouldn't have to do manual updates
in order to get security fixes.

-Rob
Reply to: