[development] Fwd: [SECURITY] [DSA 1125-1] New drupal packages fix execution of arbitrary web script code

Dries Buytaert dries.buytaert at gmail.com
Thu Jul 27 09:36:37 UTC 2006

On 27 Jul 2006, at 03:50, Gerhard Killesreiter wrote:

> I repeat my opinion: Due to the faster release cycle, Drupal isn't  
> something that should be part of a software distribution which has  
> a long release cycle.

Rather then asking to drop Drupal, we should try to work with them.

We should make it easier for distributions to package, install,  
update and maintain Drupal sites. There is a lot of overlap with what  
hosting companies need to provide mass Drupal hosting.  That alone  
makes this important to get right.

The .install files, the update script and the installer could take  
some burden of the package maintainers (but might need a command line  
extension so they can be hooked into their tools).

Dries Buytaert  ::  http://www.buytaert.net/

More information about the development mailing list