<HTML>
<HEAD>
<TITLE>Re: [development] Download statistics for core</TITLE>
</HEAD>
<BODY>
<FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'>People could be downloading 4.7 for sandbox fun only. No need to apply security fixes if the version isn’t ever going into production. What better measure is there of use than the number who apply security patches? Of course, foolish admins who don’t fix security bugs do skew that data, sadly.<BR>
<BR>
I’d be curious to see how the numbers change if Drupal had a version check on the admin section of each installation (like phpBB). If admins had a clear warning they were using an insecure version, the security patch metric probably would be a pretty good indication of production use.<BR>
<BR>
-Peter<BR>
<BR>
<BR>
On 2006/06/02 10:13 AM, "Corey Bordelon" <corey.bordelon@gmail.com> wrote:<BR>
<BR>
</SPAN></FONT><BLOCKQUOTE><FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'><BR>
<BR>
On 6/2/06, <B>Gerhard Killesreiter</B> <gerhard@killesreiter.de> wrote:<BR>
</SPAN></FONT><BLOCKQUOTE><FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'>Corey Bordelon wrote:<BR>
> Considering that the bugfix was released yesterday, I think it may be too<BR>
> early to tell if people are forgetting to do the security updates or not.<BR>
><BR>
<BR>
The 4.7.1 bugfix has been out for a week. <BR>
</SPAN></FONT></BLOCKQUOTE><FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'><BR>
Sorry. I meant for 4.7.2<BR>
<BR>
</SPAN></FONT><BLOCKQUOTE><FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'>> I noticed that you don't have the stats for the 4.7.0 release. It<BR>
> would be<BR>
> interesting to see how many downloaded it compared to 4.7.1.<BR>
<BR>
36693 for May<BR>
</SPAN></FONT></BLOCKQUOTE><FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'><BR>
Combining the number of downloads for both bugfixes (some may not have had time to update to 4.7.1, but just went straight to 4.7.2), it comes out to 9406. That means that only 25% of the people that installed Drupal 4.7.0 in May are following up with the security fixes. <BR>
<BR>
Of course that's not taking into account the good administrators that did the actual updates when they should have (duplicates in the numbers). <BR>
<BR>
I'm sorry if the number cruncher in me is taking over and saying the obvious, I can't help it.<BR>
<BR>
</SPAN></FONT></BLOCKQUOTE><FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'><BR>
<BR>
</SPAN></FONT>
</BODY>
</HTML>