Content Management System for web/intranet

Cary Gordon listuser at CHILLCO.COM
Mon Oct 15 13:45:06 EDT 2012

As community built software, with over 10,000 community contributed
components, Drupal can have a lot of moving parts. The Drupal project has a
substantial security team that reviews all of Drupal core and contrib
components, and fixes security issues. They release these as they are
created and tested with no filter or holdback.

Fortunately, as I mentioned, there are a couple simple ways to keep these
up to date, including issuing a two-word command to back-up and update the
entire site. There is also a command to only perform security related

Wordpress and Drupal users accrue the benefit of working with products that
are built in the daylight, widely adopted, and used by organizations and
governments which cannot tolerate security vulnerability. Smaller and less
broadly adopted projects don't have and frequently don't really require
this level of assiduous attention.


On Mon, Oct 15, 2012 at 8:21 AM, Alnisa Allgood
<alnisa at>wrote:

> I only mentioned ExpressionEngine as a comparison on that front, because
> we literally have installs, where they receive not a single update for more
> than a year-- and we aren't worried about security or other issues even in
> shared hosting situations. With WordPress and Drupal, I typically recommend
> the installation of security updates pretty immediately, and someone needs
> to do them. That's not an insult to Drupal or WordPress (it's true for a
> lot of things), they need regular care and feeding. EE works better with it
> as well, but it can be left starving for sometime, if need be.

Cary Gordon
The Cherry Hill Company


To unsubscribe:

Web4Lib Web Site:

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Web4lib mailing list