Hi!
Drupal, both version 5 and version 6, is a popular CMS and is in the Debian
archive. Upstream regularly releases security updates, which is a good
thing.
Unfortunately Debians packaging is lagging behind. No, I don't want to blame
the maintainer, who is doing a good job anyway. The problem is a different
versioning between Drupal upstream and Debian packaging.
For example the drupal6 package is version 6.6-1.1 while the problem which
lead to 6.6-1.1 was fixed in upstream version 6.7.
This in itself is not a real issue as it is the way how Debian works or is
handling security issues.
The problem comes with Drupals own checks. Since drupal6 the 3rd party update
module from drupal5 was included into drupal6 core. With this addition to
Drupal Core Modules the user/admin is now informed about (security) updates
of installed modules, which is a good thing for security as well.
But now there's a warning everytime an admin of a Drupal site about pending
security issues logs in:
|There is a security update available for your version of Drupal. To ensure
|the security of your server, you should update immediately! See the
|available updates page for more information.
On the update page:
|Drupal 6.6 Security update required!
|Recommended version: 6.8 (2008-Dez-11)
|
| * Download
| * Release notes
|
|Security update: 6.7 (2008-Dez-10)
|
| * Download
| * Release notes
|
|Includes: Block, Blog, Color, Comment, Content translation, Database
|logging, Filter, Forum, Help, Locale, Menu, Node, OpenID, PHP filter, Path,
|Ping, Profile, Search, Statistics, System, Taxonomy, Tracker, Trigger,
|Update status, Upload, User
This is not only annoying but also irritating because of different
versioning between what Drupal says itself and what is installed by Debian.
(Well, yes, Debian seems to lag behind one version atm ;)
So, how can this be solved so that our users are not irritated everytime
they visit their own Drupal sites?
--
Ciao... // Fon: 0381-2744150
Ingo \X/ http://blog.windfluechter.net
gpg pubkey: http://www.juergensmann.de/ij_public_key.asc
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
