Automated updates are a tricky thing, because they might break things in contributed modules. I have a development and a production site of each of my sites. I first update the development site, run a few pre-defined checks, and then update the production site. And if something broke on the development site, I first look for a fix. And yes, things do break.

I use drush for backup and updates, just a couple of commands, no time-consuming pointy-clicky business.

Ursula

On Sat, Feb 4, 2012 at 10:28 AM, Dave Stevens <geek@uniserve.com> wrote:
Dear All,

Recently I got an email from my drupal 7.10 site informing me that
there was an update available to version 7.12. The link took me to a
pink hued page where I was told that it was advisable to correct a
security problem by upgrading to 7.12. I am then informed that there
is no automated upgrade, but that instructions are available to
manually back up files and databases then carry on with a manual
upgrade.

I see this as a real issue with the design of Drupal. It is all very
well to find vulnerabilities and announce them, with fixes, but if
there is no simple, automated way to apply the fixes there will
inevitably be a lot of unpatched cms's out there running outdated and
known-vulnerable versions of Drupal.

The developers may, for all I know, be working hard on an automated
update and patch mechanism. Can anyone tell me if this is the case? Am
I doomed to continue manually applying security fixes as long as I
persist with Drupal? I dumped Win95 a long time ago and have really no
wish to regress this way.

Dave


--
It is told that such are the aerodynamics and wing loading of the
bumblebee that, in principle, it cannot fly...if all this be
true...life among bumblebees must bear a remarkable resemblance to
life in the United States.

-- John Kenneth Galbraith, in American Capitalism: The Concept of
Countervailing Power


--
[ Drupal support list | http://lists.drupal.org/ ]