User: Password:
Subscribe / Log in / New account

Re: Bug#672695: wordpress: no sane way for security updates in stable releases

From:  Russ Allbery <>
Subject:  Re: Bug#672695: wordpress: no sane way for security updates in stable releases
Date:  Sun, 13 May 2012 09:56:17 -0700
Message-ID:  <>
Archive-link:  Article

Jon Dowland <> writes:

> If we can't provide stable packages then I don't see what value we add
> by packaging it at all.  I wonder what the ratio of wordpress+debian
> users is who use the package versus those that hand-install anyway, and
> whether that is something that could ever be feasibly estimated.

As a data point, Stanford University hand-installs Wordpress on our
systems that use it.  This is mostly for reasons entirely unrelated to the
packaging and security issues and is because we need N independent
installations per server for different groups that can vary separately and
need to support installations into AFS, but the fact that we need to
upgrade more aggressively than stable can support is also a factor.

We're finding it very hard to use the packaged versions of large web
application frameworks for a variety of reasons.  One of the big ones is
that web developers seem to expect a very fast upgrade cycle that's hard
to support in Debian; another is that it is really helpful for web
applications to be able to give an entirely independent installation to
each major site rather than trying to share the same code.  For another
example, we were previously using the packaged version of Drupal, but with
Drupal 7 are switching to drush-managed independent installations for each

Russ Allbery (               <>

(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds