On Tuesday 21 November 2006 22:27, Derek Wright wrote:
i want this to *help* the security team, not make our lives worse.
that's why i'm reacting negatively.
Drupal 5 now has the ability to run from the command line, right? So make the actual replace/upgrade process a command line only script. Checking which new modules are available can and should be an automated process. Actually doing the upgrade should be something you have go to well out of your way to do. For the sysadmins in the crowd, there's nothing wrong with putting "apt-get update" in your crontab. "apt-get upgrade" should only be run by the sysadmin as root, by hand, and therefore when you know you're doing something dangerous. :-) So: 1) System auto-updates list of latest versions and lets you know if action is necessary. 2) Admin goes to command line and runs drupal-get.php download 3) Admin sets site to offline. 4) Admin runs drupal-get.php backup 5) Admin runs drupal-get.php upgrade 6) Admin runs update.php (or that can be done automatically by #5 if it's safe) 7) Admin brings site back online. The hard parts (downloading and unpacking) are all automated, but only when the admin is on the command line (and therefore running as the owner of the files anyway), and therefore (hopefully) knows exactly what he's doing. Yes, this excludes people who are on a host that doesn't give them a shell. Given the file permissions involved, I don't really know of a way around that. *sits back to have the security holes pointed out in the above.* :-) -- Larry Garfield AIM: LOLG42 larry@garfieldtech.com ICQ: 6817012 "If nature has made any one thing less susceptible than all others of exclusive property, it is the action of the thinking power called an idea, which an individual may exclusively possess as long as he keeps it to himself; but the moment it is divulged, it forces itself into the possession of every one, and the receiver cannot dispossess himself of it." -- Thomas Jefferson