[support] drupal upgrades? automated?

Richard Damon Richard at Damon-Family.org
Sat Feb 4 20:06:40 UTC 2012 

On 2/4/12 1:28 PM, Dave Stevens wrote:
> Dear All,
>
> Recently I got an email from my drupal 7.10 site informing me that  
> there was an update available to version 7.12. The link took me to a  
> pink hued page where I was told that it was advisable to correct a  
> security problem by upgrading to 7.12. I am then informed that there  
> is no automated upgrade, but that instructions are available to  
> manually back up files and databases then carry on with a manual  
> upgrade.
>
> I see this as a real issue with the design of Drupal. It is all very  
> well to find vulnerabilities and announce them, with fixes, but if  
> there is no simple, automated way to apply the fixes there will  
> inevitably be a lot of unpatched cms's out there running outdated and  
> known-vulnerable versions of Drupal.
>
> The developers may, for all I know, be working hard on an automated  
> update and patch mechanism. Can anyone tell me if this is the case? Am  
> I doomed to continue manually applying security fixes as long as I  
> persist with Drupal? I dumped Win95 a long time ago and have really no  
> wish to regress this way.
>
> Dave
>
>
Drupal has problems updating itself, as while it is updating itself it
needs to be present, but one step of an update is to remove the current
set of core files.
Drush, the drupal command line tool, being somewhat separate from the
Drupal core, is able to do an update mostly autonomously. Drush does use
parts of core for other operations. With drush it is fairly easy to
apply the update.

You really don't want an update like this to happen "automatically" but
only on command, as you REALLY want to know when an update has happened
to understand possible sources of strangeness (if it happens shortly
after an upgrade, you want to look if it is a known issue with the
upgrade, if you haven't done an upgrade recently, it is probably
something else you did recently), and to make sure you have done the
appropriate backups before doing the upgrade.

-- 
Richard Damon

More information about the support mailing list