Comments on: WordPress Upgrade: I could cry

By: Mike

Mike — Sat, 23 May 2009 20:07:18 +0000

Hi, nice posts there thank’s for the interesting information

By: Bèr Kessels

Bèr Kessels — Sun, 15 Feb 2009 14:25:23 +0000

drush pm update. Just onder 3 secs (clocked it) and 6 modules were updated.

drush pm update –svnsync –svncommit. Just over 12 seconds, my SVN conncetion is not extremely fast. same six modules, only now i have them updates in my svn repos too.

The very fact that you can update wordpress from within wordpress is a severe security hole. The fact that the wordpress comm. does not see it as such says a lot more about the proefessional attitude of the WPteam then about drupal.

By: Boris Mann

Boris Mann — Fri, 13 Feb 2009 22:51:49 +0000

Sorry, but I actually *don’t have FTP on any of the servers that I run* (it uses either FTP or FTP/S). So, I get to manually upgrade WordPress, all the time. I was actually going to do a blog post about this, because this feature doesn’t work for me at all on any of the WP sites I run.

This feature is a perfect fit for the shared hosting that most WordPress sites run on. It’s not a good fit for custom, production hosting that most less-than-trivial Drupal sites run on.

By: greggles

greggles — Fri, 13 Feb 2009 21:27:06 +0000

@naresh – Congratulations on being the first uninformed commenter _after_ my comment (Nicholas Thompson gets the award for before it).

I spent many hours last summer (as did Joshua Rogers, chx, Khalid Baheyeldin, and other community members) working hard to implement this feature. There is no screaming at auto install – there is screaming at the idea of doing it in an unsafe manner.

By: Naresh

Naresh — Fri, 13 Feb 2009 19:18:18 +0000

Unless we loosen up and do things that are in larger interest of 99.9999% people, we are not going to survive long or become plone (enterprise only).

We need to start making Drupal more user friendly in administering it, rather than screaming ****** at the thought of having auto install in Drupal.

Can anyone point to me an instance where this feature has been used by script kiddies or others to mess up WordPress?

It sounds to me like people who screen bloody merry on not having SSL on every single website when their own physical house is secured by $2 lock.

I think paranoid people are holding back the true potential of Drupal by preventing it from becoming mass market product like WordPress, and turning it into another plone.

By: greggles

greggles — Fri, 13 Feb 2009 17:03:04 +0000

Indeed it uses FTP. If it stores the credentials…that’s a little weird.

There is a module for Drupal that does this for modules and themes – http://drupal.org/project/plugin_manager

We just need someone to take it home to core and make it work for core itself.

By: matttthieu

matttthieu — Fri, 13 Feb 2009 16:56:27 +0000

Matt Mullenweg spoke @ Wordcamp Paris last week-end about the next version and WP is not going to have CCK-alike feature (but I did not listen to the whole presentation, I may have missed something)

Wtechdog may certainly be a missing feature for developers.

But I don’t think WP is designed to a be Content Manager Framework as drupal is.

By: Robin

Robin — Fri, 13 Feb 2009 16:53:08 +0000

I believe the feature is done using FTP with stored creds, but, I can’t verify that; and don’t know enough about the system to say for sure how it works,

Robin

By: Robin

Robin — Fri, 13 Feb 2009 16:52:02 +0000

I believe the next WordPress version will allow custom content types like CCK. Views are a different thing altogether. But, maybe will be available as a plugin to go with the next WP version.

By: Nicholas Thompson

Nicholas Thompson — Fri, 13 Feb 2009 16:51:07 +0000

This post implies to me that the entire installation folder is writable by the “apache” user (apache, www, wwwrun, lighttpd… whatever the user is that runs the web server).

This to me screams “security issue!!”. I personally dont want my website to be able to rewrite its own code – be it for a legit update or a bastard script kiddie finding a loop hole…