Op dinsdag 14 maart 2006 11:11, schreef Gerhard Killesreiter:
I guess a letter of introduction to the security list would be a good thing to do.
If people cannot find their way to the (already well marketed) securoty mailing list, RSS feed, online postings and mailinglist announcements. They should not run sites. If you cannot spend that minor time on a daily/hourly basis to upgrade your site. AND to find your information when and how to do so, you should not run a Drupal site. People who feel "its too much work to keep Drupal secure" or who find that "Drupal lacks proper security systems" have (IMNSO) two options: * Buy support. Bryght is the one name popping in my mind, but I am sure there are smaller services too. You can even train one employee for this in your organisation. * Get involved and improve it. If you know how stuff should be done. And if you can provide the time, effort and work Dries, Karoly and Gerhard spend on this, then please do so! And no, unfortunately that is not about "typing a mail in your afternoonbreak" We are talking 23.00 - 02.00 overtime meetings. These people spend nights of their life to get YOUR security updates out in a proper way. I am rather dissapointed by the flames trown at these people who managed to build YOUR security patches. Test them. Maintain them. Get them online. Type annoucements for them. They should get (y)our applause. Or donations titled "thanks for the quick and nicely managed security patch". Not bithching abot some mail being sent out before another one. Gerhard, Karoly, Dries, and all others involved, a big thanks for this hard work! Bèr