Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Debian User (http://www.linux-archive.org/debian-user/)
-   -   Security support for CMSes (http://www.linux-archive.org/debian-user/710185-security-support-cmses.html)

Peter Viskup 10-07-2012 10:19 AM

Security support for CMSes
 
Hello everybody,
I am using Drupal6 from Debian repositories as I thought that Debian is
taking care of the security fixes and therefore I do not have to take
care too much.
Unfortunately one of my sites was cracked and there were none of
security fixes released in June 2012 by Drupal community backported to
main release till today. The only 'fixed' version of Drupal6 is
available on backports.debian.org.

Do you use Debian versions of CMSes?
Are you continuously checking the main releases and checking the states
of Debian packages?
What are your proposals for running any CMS available in Debian
repositories?
Does somebody have similar experience from the past or with another CMS
from Debian repositories?

Thank you.

Best regards,
--
Peter Viskup


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Archive: 50715734.8040408@gmail.com">http://lists.debian.org/50715734.8040408@gmail.com

Wolf Halton 10-07-2012 01:02 PM

Security support for CMSes
 
I am sorry to hear your site was cracked. I run Drupal on Debian as well. The fundamental flaw here is the lag time between drupal update and packaging on debian. I run drupal 7 for new sites. Installs are not the simplest things in the world, but it comes in handy in an ongoing fashion to have done the work. That way you are sure of your database user and pass as well as exact location of files.


As an engineer, you reasonably want to make the process as simple as possible but no simpler. Packages with public web interfaces like drupal take more care and feeding than any other kind of package I can think of. It is not a Debian issue. Any Linux packager would have a hard time keeping up with a community-maintained monster like drupal. Even if you are running Sid, not suggested for production environment, there is too much lag to trust package maintainers to do the updates for you.




Wolf Halton

http://sourcefreedom.com

Apache developer:

wolfhalton@apache.org

On Oct 7, 2012 6:22 AM, "Peter Viskup" <skupko.sk@gmail.com> wrote:
Hello everybody,

I am using Drupal6 from Debian repositories as I thought that Debian is taking care of the security fixes and therefore I do not have to take care too much.

Unfortunately one of my sites was cracked and there were none of security fixes released in June 2012 by Drupal community backported to main release till today. The only 'fixed' version of Drupal6 is available on backports.debian.org.


Do you use Debian versions of CMSes?

Are you continuously checking the main releases and checking the states of Debian packages?

What are your proposals for running any CMS available in Debian repositories?

Does somebody have similar experience from the past or with another CMS from Debian repositories?

Thank you.



Best regards,

--

Peter Viskup





--

To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


Archive: http://lists.debian.org/50715734.8040408@gmail.com


All times are GMT. The time now is 09:29 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.