[development] Re: [support] Drupal 4.6.6/4.5.8 security releases
Bèr Kessels
ber at webschuur.com
Tue Mar 14 20:24:38 UTC 2006
Op dinsdag 14 maart 2006 11:11, schreef Gerhard Killesreiter:
> I guess a letter of introduction to the security list would be a good
> thing to do.
If people cannot find their way to the (already well marketed) securoty
mailing list, RSS feed, online postings and mailinglist announcements. They
should not run sites.
If you cannot spend that minor time on a daily/hourly basis to upgrade your
site. AND to find your information when and how to do so, you should not run
a Drupal site.
People who feel "its too much work to keep Drupal secure" or who find that
"Drupal lacks proper security systems" have (IMNSO) two options:
* Buy support. Bryght is the one name popping in my mind, but I am sure there
are smaller services too. You can even train one employee for this in your
organisation.
* Get involved and improve it. If you know how stuff should be done. And if
you can provide the time, effort and work Dries, Karoly and Gerhard spend on
this, then please do so! And no, unfortunately that is not about "typing a
mail in your afternoonbreak" We are talking 23.00 - 02.00 overtime meetings.
These people spend nights of their life to get YOUR security updates out in a
proper way.
I am rather dissapointed by the flames trown at these people who managed to
build YOUR security patches. Test them. Maintain them. Get them online. Type
annoucements for them. They should get (y)our applause. Or donations titled
"thanks for the quick and nicely managed security patch". Not bithching abot
some mail being sent out before another one.
Gerhard, Karoly, Dries, and all others involved, a big thanks for this hard
work!
Bèr
More information about the development
mailing list