<html><body><div style="color:#000; background-color:#fff; font-family:arial, helvetica, sans-serif;font-size:12pt"><div><span>This is why I don't use the Update module on most of my live sites. I have back ups of all my sites set up locally in a multi-site per core version. I update my core and contribs there first and make sure that things are working. Then I move the code to the live sites.</span></div><div><br><span></span></div><div><span>Yes, this can mean that there are temporary security vulnerabilities. I'll take that risk over the likelihood that something will break if I just upgrade willy-nilly. Plus, having already tested, I know whether or not to follow those instructions.</span></div><div><br><span></span></div><div><span>Oh, and I have also had problems come up by allowing Windoze to update itself.<br></span></div><div> </div><div><font color="#ff007f" face="bookman old style, new york, times, serif"
size="4"><i><strong>Nancy</strong></i></font></div> <div><font face="arial, helvetica, sans-serif">Injustice anywhere is a threat to justice everywhere. -- Dr. Martin L. King, Jr.</font></div><div><br><blockquote style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; margin-top: 5px; padding-left: 5px;"> <div style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"> <div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"> <div dir="ltr"> <font face="Arial" size="2"> <hr size="1"> <b><span style="font-weight:bold;">From:</span></b> Dave Stevens</font><br></div>Recently I got an email from my drupal 7.10 site informing me that <br>there was an update available to version 7.12. The link took me to a <br>pink hued page where I was told that it was advisable to correct a <br>security problem by upgrading to 7.12. I am then informed that there <br>is no automated upgrade, but
that instructions are available to <br>manually back up files and databases then carry on with a manual <br>upgrade.<br><br>I see this as a real issue with the design of Drupal. It is all very <br>well to find vulnerabilities and announce them, with fixes, but if <br>there is no simple, automated way to apply the fixes there will <br>inevitably be a lot of unpatched cms's out there running outdated and <br>known-vulnerable versions of Drupal.<br><br>The developers may, for all I know, be working hard on an automated <br>update and patch mechanism. Can anyone tell me if this is the case? Am <br>I doomed to continue manually applying security fixes as long as I <br>persist with Drupal? I dumped Win95 a long time ago and have really no <br>wish to regress this way.<br> </div> </div> </blockquote></div> </div></body></html>