Peter Kowalke peterlist at kowalke.info
Fri Jun 2 15:03:10 UTC 2006

People could be downloading 4.7 for sandbox fun only. No need to apply
security fixes if the version isn't ever going into production. What better
measure is there of use than the number who apply security patches? Of
course, foolish admins who don't fix security bugs do skew that data, sadly.

I'd be curious to see how the numbers change if Drupal had a version check
on the admin section of each installation (like phpBB). If admins had a
clear warning they were using an insecure version, the security patch metric
probably would be a pretty good indication of production use.


On 2006/06/02 10:13 AM, "Corey Bordelon" <corey.bordelon at gmail.com> wrote:

On 6/2/06, Gerhard Killesreiter <gerhard at killesreiter.de> wrote:
Corey Bordelon wrote:
>>> > Considering that the bugfix was released yesterday, I think it may be too
>>> > early to tell if people are forgetting to do the security updates or not.
>>> >
>> The 4.7.1 bugfix is out for a week.
> Sorry.  I meant for 4.7.2
>>> > I noticed that you don't have the stats for the 4.7.0 release.  It
>>> > would be
>>> > interesting to see how many downloaded it compared to 4.7.1.
>> 36693 for May
> Combining the number of downloads for both bugfixes (some may not have had
> time to update to 4.7.1, but just went straight to 4.7.2), it comes out to
> 9406.  That means that only 25% of the people that installed Drupal 4.7.0 in
> May are following up with the security fixes.
> Of course that's not taking into account the good administrators that did the
> actual updates when they should have (duplicates in the numbers).
> I'm sorry if the number cruncher in me is taking over and saying the obvious,
> I can't help it.

