ubuntuforums-unanswered team mailing list archive
-
ubuntuforums-unanswered team
-
Mailing list archive
-
Message #03233
Re: [Question #76464]: Drupal6 needs security updates
Question #76464 on drupal6 in ubuntu changed:
https://answers.launchpad.net/ubuntu/+source/drupal6/+question/76464
Status: Answered => Open
barsalou is still having a problem:
Quoting Scott Testerman <question76464@xxxxxxxxxxxxxxxxxxxxx>:
> Your question #76464 on drupal6 in ubuntu changed:
> https://answers.launchpad.net/ubuntu/+source/drupal6/+question/76464
>
> Status: Open => Answered
>
> Scott Testerman proposed the following answer:
> Before upgrading Drupal it's necessary to turn off all non-core modules
> since they can easily break the Drupal upgrade. When installing new
> Drupal packages using the standard apt system, there's no way to check
> that the modules are, in fact, turned off.
>
So that would imply i'd have to come up with a way to check if they
are on or off....that would solve this little headache.
> Further, the system in question may be headless, as well as auto-
> updated, which means that even if there's a way to check and display a
> message about breakage, it may not be seen. In this instance, it means
> that the expected auto-upgrades would cease to happen since the system
> would forever be waiting for somebody to answer a message that couldn't
> be answered.
I wonder how many systems that are headless and auto-updated are using
drupal? I suppose it's quite a few because of the popularity. I
wonder if adding some sort of switch within the drupal update could
account for that?
>
> This all means Ubuntu will happily break a working Web site, just as it
> was asked to do. While you and I know that this is simply poor
> management skills on the part of the admin in question, the net effect
> is simply going to be, "I refuse to use Ubuntu any more because it broke
> my site." That's bad for Ubuntu, and very possibly bad for Debian if
> the user assumes it's a Debian thing rather than something specific to
> Ubuntu. I don't want the convenience of installing Drupal in under 30
> seconds to detract from Ubuntu's reputation.
I'm in agreement here, sullying Ubuntu or Debian for the sake of
convenience isn't a good idea.
This makes me wonder if doing a patch might be a better choice?
>
> OTOH, I really would like to see more frequent updates to Drupal in the
> repositories, especially since this is a Universe -- and therefore,
> officially unsupported -- package. Ubuntu has traditionally been fairly
> quick with rolling out security updates, and I believe that unsupported
> applications are just as important to system security as supported
> applications. Since Ubuntu now comes with Universe and Multiverse
> enabled by default, many users probably don't even recognize the
> difference any more, therefore they won't know that Drupal is from a
> whole different world.
This is especially true of the crowd that says 'I refuse to use Ubuntu
...' as mentioned above. Additionally, I've hear folks say ' no use
in using the Ubuntu package because security updates don't come out
very fast..'
There may not be a way to win in this particular arena.
Mike B.
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
You received this question notification because you are a member of UF
Unanswered Posts Team, which is an answer contact for Ubuntu.