[support] drupal upgrades? automated?
Jamie Holly
hovercrafter at earthlink.net
Sat Feb 4 19:43:56 UTC 2012
Automatic updates also open up other security issues, which can impact a
much larger segment of Drupal sites than sites that don't upgrade.
Here's a perfect example of that:
https://wpsecurity.net/wordpress-repository-hacked/
There are ups and downs to both sides of the arguments. IMHO if this
ever became of Drupal it should either be optional or (even better) a
contrib module. You can upgrade via Drush, but not everyone has shell
access on their hosting, so that isn't a real solution.
Jamie Holly
http://www.intoxination.net
http://www.hollyit.net
On 2/4/2012 1:28 PM, Dave Stevens wrote:
> Dear All,
>
> Recently I got an email from my drupal 7.10 site informing me that
> there was an update available to version 7.12. The link took me to a
> pink hued page where I was told that it was advisable to correct a
> security problem by upgrading to 7.12. I am then informed that there
> is no automated upgrade, but that instructions are available to
> manually back up files and databases then carry on with a manual
> upgrade.
>
> I see this as a real issue with the design of Drupal. It is all very
> well to find vulnerabilities and announce them, with fixes, but if
> there is no simple, automated way to apply the fixes there will
> inevitably be a lot of unpatched cms's out there running outdated and
> known-vulnerable versions of Drupal.
>
> The developers may, for all I know, be working hard on an automated
> update and patch mechanism. Can anyone tell me if this is the case? Am
> I doomed to continue manually applying security fixes as long as I
> persist with Drupal? I dumped Win95 a long time ago and have really no
> wish to regress this way.
>
> Dave
>
>
More information about the support
mailing list