Hi! Drupal, both version 5 and version 6, is a popular CMS and is in the Debian archive. Upstream regularly releases security updates, which is a good thing. Unfortunately Debians packaging is lagging behind. No, I don't want to blame the maintainer, who is doing a good job anyway. The problem is a different versioning between Drupal upstream and Debian packaging.
For example the drupal6 package is version 6.6-1.1 while the problem which lead to 6.6-1.1 was fixed in upstream version 6.7. This in itself is not a real issue as it is the way how Debian works or is handling security issues. The problem comes with Drupals own checks. Since drupal6 the 3rd party update module from drupal5 was included into drupal6 core. With this addition to Drupal Core Modules the user/admin is now informed about (security) updates of installed modules, which is a good thing for security as well. But now there's a warning everytime an admin of a Drupal site about pending security issues logs in: |There is a security update available for your version of Drupal. To ensure |the security of your server, you should update immediately! See the |available updates page for more information. On the update page: |Drupal 6.6 Security update required! |Recommended version: 6.8 (2008-Dez-11) | | * Download | * Release notes | |Security update: 6.7 (2008-Dez-10) | | * Download | * Release notes | |Includes: Block, Blog, Color, Comment, Content translation, Database |logging, Filter, Forum, Help, Locale, Menu, Node, OpenID, PHP filter, Path, |Ping, Profile, Search, Statistics, System, Taxonomy, Tracker, Trigger, |Update status, Upload, User This is not only annoying but also irritating because of different versioning between what Drupal says itself and what is installed by Debian. (Well, yes, Debian seems to lag behind one version atm ;) So, how can this be solved so that our users are not irritated everytime they visit their own Drupal sites? -- Ciao... // Fon: 0381-2744150 Ingo \X/ http://blog.windfluechter.net gpg pubkey: http://www.juergensmann.de/ij_public_key.asc -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org