[development] Fwd: [SECURITY] [DSA 1125-1] New drupal packages fix execution of arbitrary web script code

Khalid B kb at 2bits.com
Thu Jul 27 02:49:35 UTC 2006


On 7/26/06, Larry Garfield <larry at garfieldtech.com> wrote:
> On Wednesday 26 July 2006 20:50, Gerhard Killesreiter wrote:
>
> > I repeat my opinion: Due to the faster release cycle, Drupal isn't
> > something that should be part of a software distribution which has a
> > long release cycle.

I think what Gerhard is saying, and he has a point, is that under Debian
when someone does apt-get upgrade, they expect that the package gets
upgraded seamlessly the Debian Way.

Since Drupal is a) fast moving, b) composed of core and a myriad of
contribs, c) has a web interface for install/update and not a command
line one, it is difficult to have a proper Debian package that preserves
the user's data integrity as well as keep them up to date with all the
core and contrib they may have.

Unless we have something that combines Adrian's new installer with
sympal's command line scripts, we don't have something that can
be useful in a Debian apt environment.

Even if we do, there is still the issue of contrib and the fast pace of Drupal
vs. the conservative nature of Debian.

