>Take the case of Apache, for example when was the last time you had to >upgrade because of a security issue?
I see your point but Apache has been around a lot longer than WP. In anycase, there was a vulnerability a few weeks ago: http://lists.centos.org/pipermail/centos-announce/2009-August/016066.html Also, I upgraded a Apache Tomcat a few weeks ago due to a vulnerability. Consider the Centos Security Update Announce list for the past 10 days in September. http://lists.centos.org/pipermail/centos-announce/2009-September/thread.html The link above will indicate why I would consider using CentOS instead of other distros which don't get these frequent security bug fixes. If the turn around time for publishing bug fixes from the time when a vulnerability is listed is too high, it counts against the project. And that is a better metric of project quality rather than the number of listed vulnerabilities. That and, of course, the severity of the vulnerability. I have used Joomla, WP etc before and I have upgraded due to security issues a number of times. But then, I have done the same with my OS, webserver, database, browser etc. If you turn on automatic updates even on your linux desktop, you will see how often security fixes flow in. My point is essentially just this - between setting up a website from ground up using custom developed code and using a popular, frequently update CMS, my vote goes towards the second option - that is, using a popular CMS. Thank you, Prem _______________________________________________ To unsubscribe, email [email protected] with "unsubscribe <password> <address>" in the subject or body of the message. http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
