[development] Re: [support] Drupal 4.6.6/4.5.8 security releases

Bèr Kessels ber at webschuur.com
Tue Mar 14 20:24:38 UTC 2006

Op dinsdag 14 maart 2006 11:11, schreef Gerhard Killesreiter:
> I guess a letter of introduction to the security list would be a good
> thing to do.

If people cannot find their way to the (already well marketed) securoty 
mailing list, RSS feed, online postings and mailinglist announcements. They 
should not run sites. 

If you cannot spend that minor time on a daily/hourly basis to upgrade your 
site. AND to find your information when and how to do so, you should not run 
a Drupal site. 

People who feel "its too much work to keep Drupal secure" or who find that 
"Drupal lacks proper security systems" have (IMNSO) two options:
 * Buy support. Bryght is the one name popping in my mind, but I am sure there 
are smaller services too. You can even train one employee for this in your 

 * Get involved and improve it. If you know how stuff should be done. And if 
you can provide the time, effort and work Dries, Karoly and Gerhard spend on 
this, then please do so! And no, unfortunately that is not about "typing a 
mail in your afternoonbreak" We are talking 23.00 - 02.00 overtime meetings. 
These people spend nights of their life to get YOUR security updates out in a 
proper way. 

I am rather dissapointed by the flames trown at these people who managed to 
build YOUR security patches. Test them. Maintain them. Get them online. Type 
annoucements for them. They should get (y)our applause. Or donations titled 
"thanks for the quick and nicely managed security patch". Not bithching abot 
some mail being sent out before another one. 

Gerhard, Karoly, Dries, and all others involved, a big thanks for this hard 


More information about the development mailing list