On Fri, Jun 8, 2018 at 6:46 AM, Russell Stuart wrote: > I'll drive the point home with yesterdays (literally yesterdays) > headline: "Three months later, a mass exploit of powerful Web servers > continues". The headline is referring to the 1000's of unpatched > Drupal servers out there, unpatched because patching required upgrading > to the latest version which is too hard. Wordpress sites using the > Debian package with unattended upgrades installed would likely have > been patched before news of the exploit made the headlines.
In my experience the Wordpress upstream auto-upgrade system is typically faster than the Debian's handling of Wordpress. I also get the impression that the number of CVEs (let alone all security issues) is scaling faster than the amount of folks in Debian who are handling them. -- bye, pabs https://wiki.debian.org/PaulWise
