ubuntuforums-unanswered team mailing list archive

Thread
Date

Re: [Question #76464]: Drupal6 needs security updates

To: ubuntuforums-unanswered@xxxxxxxxxxxxxxxxxxx
From: Scott Testerman <question76464@xxxxxxxxxxxxxxxxxxxxx>
Date: Sun, 12 Jul 2009 09:11:25 -0000
Reply-to: question76464@xxxxxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

Question #76464 on drupal6 in ubuntu changed:
https://answers.launchpad.net/ubuntu/+source/drupal6/+question/76464

    Status: Open => Answered

Scott Testerman proposed the following answer:
Before upgrading Drupal it's necessary to turn off all non-core modules
since they can easily break the Drupal upgrade.  When installing new
Drupal packages using the standard apt system, there's no way to check
that the modules are, in fact, turned off.

Further, the system in question may be headless, as well as auto-
updated, which means that even if there's a way to check and display a
message about breakage, it may not be seen.  In this instance, it means
that the expected auto-upgrades would cease to happen since the system
would forever be waiting for somebody to answer a message that couldn't
be answered.

This all means Ubuntu will happily break a working Web site, just as it
was asked to do.  While you and I know that this is simply poor
management skills on the part of the admin in question, the net effect
is simply going to be, "I refuse to use Ubuntu any more because it broke
my site."  That's bad for Ubuntu, and very possibly bad for Debian if
the user assumes it's a Debian thing rather than something specific to
Ubuntu.  I don't want the convenience of installing Drupal in under 30
seconds to detract from Ubuntu's reputation.

OTOH, I really would like to see more frequent updates to Drupal in the
repositories, especially since this is a Universe -- and therefore,
officially unsupported -- package.  Ubuntu has traditionally been fairly
quick with rolling out security updates, and I believe that unsupported
applications are just as important to system security as supported
applications.  Since Ubuntu now comes with Universe and Multiverse
enabled by default, many users probably don't even recognize the
difference any more, therefore they won't know that Drupal is from a
whole different world.

You received this question notification because you are a member of UF
Unanswered Posts Team, which is an answer contact for Ubuntu.