Hi Alex and All others, Doesn't this very issue go to the heart of the Mediawiki survey of Stakeholders found? Accordingly to the slideshow on that survey 71% of all independent users of Mediawiki use an old outdated version of the software. I think we can safely assume almost all of those users have not updated their sites with security patches. The problem is the technical knowledge to update Mediawiki is above the average user of the software and/or they lack command line access. By not having an easy GUI to both update the software and the extensions to the software it effectively leads to a lot of sites running with the ghost of Christmas past.
Sent from my iPad > On Dec 4, 2015, at 12:29 PM, Alex Monk <[email protected]> wrote: > >> On 4 December 2015 at 19:52, Jan Steinman <[email protected]> wrote: >> >> Having been stung by various upgrades over the years, I tend to not touch >> stuff that isn't broken. I'm running several MediaWiki sites between 1.13 >> and 1.16. I'd sorta like to upgrade, but I don't know what that buys me, >> and y'know, they're all working... :-) >> > > Are you aware of what security issues (which are now public) your wikis are > vulnerable to? I am very sceptical that stuff "isn't broken", although I > (personally) am not going to research old issues, find your wiki, and then > attack it, to make a point. Have you really backported/rewritten patches > for all of them yourself? I've been involved in MediaWiki development for a > few years now - and 1.16 was obsolete before I started. > _______________________________________________ > MediaWiki-l mailing list > To unsubscribe, go to: > https://lists.wikimedia.org/mailman/listinfo/mediawiki-l _______________________________________________ MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
