Dupal One-click-Install needs security update

“Easy Mode” Dupal One-click-Install needs a security update.

On my Durpal administration pages as
http://.dreamhosters.com/admin/reports/status it telling me this warning [Not secure! (version 6.3 available)] http://drupal.communidb.dreamhosters.com/admin/reports/updates -> http://ftp.drupal.org/files/projects/drupal-6.3.tar.gz - however, since this is a One-click-install I can’t install this.

DreamHost admin,

  • please do the honors (please install it).
  • And is there a reason this update isn’t automatic & hasn’t already been installed? Thanks.

We’re just customers here. You’ll have to submit a support ticket through the panel.


I think there will be a number of these situations that come up. Drupal isn’t one product, it’s a thousand products flying the same flag. Every module is written by someone different, and all of the modules have differing levels of stability and author dedication This week the inquiry is about v6.3, next week it will be module-X. Not using the One-click here, I’m updating one module or another about every week. This isn’t the case with other packages that might get updated every 1-3 months, like WordPress.

If security, or any feature of your site, is important to you then you may not be a One-click kind of person. Part of the problem with one-click, as I see it, is that you’re sort a lab rat for whatever experiments are available in any given module at the time you install it. Our friends at DH may bundle up a release for you and it looks good to them, but they can’t thoroughly test every feature that everyone will be using. So they’ll give you an update now and there may be another update next week. Since any one module may mis-behave on you at any given time, you may be subject to a security issue in the core this week or major lack of functionality next week - something that slipped by the author who is now frantically trying to patch the problem in the late hours after they get home from their day job. These are issues with open source in general and the trade off for “easy mode” installations is that you’ll have to be patient with the development cycle of other people who do all the work for you for free.

Another issue with one-clicks with Drupal in particular, is that the product doesn’t grow by the Core itself, it grows when module and theme developers take advantage of the features in the core - and there is always a lag between the time when a new core update is published and when various modules become available and stable over that release. I think Drupal itself is pretty bland without many of the significant modules, and once you get bitten by the module fever - well, it’s sometimes like being a kid in a candy store, and with equally limited funds. In our case, funds are resources - the more modules you add to Drupal the more time it takes to figure out how they work and maintain them all. With easy click you don’t have this problem - but you don’t get to try all the cool modules either.

The alternative to the easy mode is to learn how to monitor these things on your own, or to get someone else to monitor these things for you (not volunteering here), selectively installing only the releases that you believe are stable for the sort of usage you have on your website. Doing it like this, you may choose to not install module X or theme Y because other people are complaining about them. “But all I want is a website and I don’t want to have to deal with all the software issues.” This is part of the paradox of this thing that we’re all doing with these shared hosts. We either have time or money - time to spend on site management or money to pay someone else to do it. The other leg of that triangle is quality. Don’t be fooled, you will pay in one area or the other. Easy installs at a shared host will save you time and money but they both draw from quality, which is subject to individual discretion.

Oh well, nuff outta me.