
Re: Security support for CMSes



Wolf Halton
http://sourcefreedom.com
Apache developer:
wolfhalton@apache.org
On Oct 7, 2012 10:01 AM, "Robert Pommrich" <LeProvokateur@gmx.de> wrote:
>
> Hi,
>
> Am 07.10.2012 12:19, schrieb Peter Viskup:
> > Hello everybody,
> > I am using Drupal6 from Debian repositories as I thought that Debian is
> > taking care of the security fixes and therefore I do not have to take
> > care too much.
> > Unfortunately one of my sites was cracked and there were none of
> > security fixes released in June 2012 by Drupal community backported to
> > main release till today. The only 'fixed' version of Drupal6 is
> > available on backports.debian.org.
> > Do you use Debian versions of CMSes?
> > Are you continuously checking the main releases and checking the states
> > of Debian packages?
> > What are your proposals for running any CMS available in Debian
> > repositories?
> > Does somebody have similar experience from the past or with another CMS
> > from Debian repositories?
>
> you should address the issue to the maintainer luigi@debian.org,
> and the security team [1] (security@debian.org or
> team@security.debian.org), which I put in CC.
>
> Looking at
>
> http://security-tracker.debian.org/tracker/status/release/stable
>
> there are 2 issues which are not fixed in the current stable version of
> drupal6. Perhaps the maintainer and/or the security team overlooked them.
>
> [1] http://www.debian.org/security/faq#contact
>
> Robert
> > Thank you.
> >
> > Best regards,
> > --
> > Peter Viskup
> >
> >
>
The reason to have a drupal package or any other community or multiverse package is most likely that somebody had the inclination to do the packaging. Whether it be a good plan to use it is up to the individual user.

Wolf

PS I know it is hard to be objective when one's own site has been cracked. Computer security is not a state; it is a process. The more third-parties involved in one's security, the easier it is to delegate security to them. I get email updates from my drupal sites with module and core updates. I use drush to update all and the whole process takes less than 10 minutes.
One could automate this with a cron job, but I like to know which modules are being updated.
