Quoting Ursula Pieper dramamezzo@gmail.com:
Automated updates are a tricky thing, because they might break things in contributed modules. I have a development and a production site of each of my sites. I first update the development site, run a few pre-defined checks, and then update the production site. And if something broke on the development site, I first look for a fix. And yes, things do break.
Thanks for this. I am not a developer of contributed modules, so I am not sure about such issues. But it makes me wonder about the state of documentation for modules. It seems it would be very useful to have clear statements about coding standards and perhaps some automated verification of the module. I mean apart from 'run it and see how hard it breaks.' Static programming languages have long faced the issues of clear definitions of the actions evoked by statements and have an elaborate structure of checking to improve confidence in the results. Of course, from my newbie perspective, I have no way to know if the internal structure and design of the core is sufficiently stable and clear to form an adequate basis for such an effort. Is it? And are standards in the browser and server ecosystem clear enough?
Dave
I use drush for backup and updates, just a couple of commands, no time-consuming pointy-clicky business.
Ursula
On Sat, Feb 4, 2012 at 10:28 AM, Dave Stevens geek@uniserve.com wrote:
Dear All,
Recently I got an email from my drupal 7.10 site informing me that there was an update available to version 7.12. The link took me to a pink hued page where I was told that it was advisable to correct a security problem by upgrading to 7.12. I am then informed that there is no automated upgrade, but that instructions are available to manually back up files and databases then carry on with a manual upgrade.
I see this as a real issue with the design of Drupal. It is all very well to find vulnerabilities and announce them, with fixes, but if there is no simple, automated way to apply the fixes there will inevitably be a lot of unpatched cms's out there running outdated and known-vulnerable versions of Drupal.
The developers may, for all I know, be working hard on an automated update and patch mechanism. Can anyone tell me if this is the case? Am I doomed to continue manually applying security fixes as long as I persist with Drupal? I dumped Win95 a long time ago and have really no wish to regress this way.
Dave
-- It is told that such are the aerodynamics and wing loading of the bumblebee that, in principle, it cannot fly...if all this be true...life among bumblebees must bear a remarkable resemblance to life in the United States.
-- John Kenneth Galbraith, in American Capitalism: The Concept of Countervailing Power
-- [ Drupal support list | http://lists.drupal.org/ ]