From: Vamsee Kanakala <[email protected]> >Please read the reasons for the upgrade. Do you seriously think they >release wordpress updates with new features every two weeks? Check the >Changelog, please:
>http://codex.wordpress.org/WordPress_Versions >Two of the last three releases are security releases. Do you see how >closely they are released? Exactly two weeks. Please show me a blog >system written in any other language that does 'security releases' so >often. Please proceed to read up the past release schedule, this pattern >will be self-evident. There are 100s of open source CMSs out there. This is because some developer or other decided that ALL of the existing open source CMSs didn't meet his expectation and so he/she wrote one more. Very few of these CMSs see widespread usage - Drupal, Joomla, Typo3, Wordpress etc are exceptions and not the rule. As these CMSs are more frequently used, attacks against these CMSs will also be higher and also also the people working on fixing these holes - which is why you see lot more security patches in the more popular CMSs. If you go for a completely static site, it would be only a matter of time before you start adding dynamic elements to the site. It may start with a signup form, a news ticker and soon before you know it, you will have your own mini CMS. If you decide to develop a CMS from scratch, the chances are that many security holes will remain in your solution because not too many people will check for them. Therefore superficially it may seem that your software is more secure - that is until someone decides to exploit some hole. The best approach is to choose any of the popular CMSs (they are all mostly similar in terms of features) and then use it for the site instead of developing one from scratch or assuming that you are going to remain content with a purely static site. If the CMS sees good usage, you will also receive timely fixes which you can apply to the site. Thanks, Prem _______________________________________________ To unsubscribe, email [email protected] with "unsubscribe <password> <address>" in the subject or body of the message. http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
