Wolf Halton
http://sourcefreedom.com
Apache developer: wolfhal...@apache.org

On Oct 7, 2012 10:01 AM, "Robert Pommrich" <leprovokat...@gmx.de> wrote:
>
> Hi,
>
> On 07.10.2012 12:19, Peter Viskup wrote:
> > Hello everybody,
> > I am using Drupal6 from Debian repositories as I thought that Debian is
> > taking care of the security fixes and therefore I do not have to take
> > care too much.
> > Unfortunately one of my sites was cracked and there were none of
> > security fixes released in June 2012 by Drupal community backported to
> > main release till today. The only 'fixed' version of Drupal6 is
> > available on backports.debian.org.
> > Do you use Debian versions of CMSes?
> > Are you continuously checking the main releases and checking the states
> > of Debian packages?
> > What are your proposals for running any CMS available in Debian
> > repositories?
> > Does somebody have similar experience from the past or with another CMS
> > from Debian repositories?
>
> you should address the issue to the maintainer lu...@debian.org,
> and the security team [1] (secur...@debian.org or
> t...@security.debian.org), which I put in CC.
>
> Looking at
>
> http://security-tracker.debian.org/tracker/status/release/stable
>
> there are 2 issues which are not fixed in the current stable version of
> drupal6. Perhaps the maintainer and/or the security team overlooked them.
>
> [1] http://www.debian.org/security/faq#contact
>
> Robert
> > Thank you.
> >
> > Best regards,
> > --
> > Peter Viskup
> >
> >
>

The reason to have a drupal package or any other community or multiverse package is most likely that somebody had the inclination to do the packaging. Whether it be a good plan to use it is up to the individual user.

Wolf

PS I know it is hard to be objective when one's own site has been cracked. Computer security is not a state; it is a process. The more third-parties involved in one's security, the easier it is to delegate security to them. I get email updates from my drupal sites with module and core updates. I use drush to update all and the whole process takes less than 10 minutes. One could automate this with a cron job, but I like to know which modules are being updated.