Security support for CMSes
I am sorry to hear your site was cracked. I run Drupal on Debian as well. The fundamental flaw here is the lag time between drupal update and packaging on debian. I run drupal 7 for new sites. Installs are not the simplest things in the world, but it comes in handy in an ongoing fashion to have done the work. That way you are sure of your database user and pass as well as exact location of files.
As an engineer, you reasonably want to make the process as simple as possible but no simpler. Packages with public web interfaces like drupal take more care and feeding than any other kind of package I can think of. It is not a Debian issue. Any Linux packager would have a hard time keeping up with a community-maintained monster like drupal. Even if you are running Sid, not suggested for production environment, there is too much lag to trust package maintainers to do the updates for you.
On Oct 7, 2012 6:22 AM, "Peter Viskup" <email@example.com> wrote:
I am using Drupal6 from Debian repositories as I thought that Debian is taking care of the security fixes and therefore I do not have to take care too much.
Unfortunately one of my sites was cracked and there were none of security fixes released in June 2012 by Drupal community backported to main release till today. The only 'fixed' version of Drupal6 is available on backports.debian.org.
Do you use Debian versions of CMSes?
Are you continuously checking the main releases and checking the states of Debian packages?
What are your proposals for running any CMS available in Debian repositories?
Does somebody have similar experience from the past or with another CMS from Debian repositories?
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org