
Did Drupal and Drupalgeddon Lead to Panama Papers Leaks? - tangue
http://drupal.ovh/drupal-panama-papers-leaks-mossack-fonseca
======
lightlyused
This is just speculation on the part of this web site. You can patch the
software and that will not change the CHANGELOG.txt. Please post again when
you have proof.

------
snowwrestler
I find it hard to blame Drupal when the security patches that would have
prevented access were available, but simply not applied. This is like blaming
Ford when your car engine seizes up because you never changed the oil.

The text of the article betrays a troublesome double standard, saying things
like:

> Because WordPress and Drupal are so mundane nowadays, people easily forget
> that they are continuously online targets for malicious activities.

Of course, all websites, regardless of which software, are continuously online
and targets for malicious activities.

> Since there is no single entity to blame for Drupal or many Open Source
> CMSes, as opposed to commercial entities like Oracle or Microsoft - there is
> no single source to point take responsibility.

If you fail to apply Oracle and Microsoft patches in a timely manner, you will
get hacked on those platforms too. And it won't be Oracle's or Microsoft's
fault.

> Increased awareness of web services security matters is required from the
> Open Source communities so that we will avoid large information leaks in
> the future.

This has nothing to do with the Open Source communities--Drupalgeddon was
patched months ago. This is simply a business that failed to pay enough
attention to their technology--a situation that is sadly very common.

------
minsight
I had the misfortune to use Drupal a while ago. It seemed like a very
convenient and powerful way to get an extremely full-featured and rich site up
quickly. It was only after attempting one of the frequently-required updates
that I realized that its architecture was atrociously bad. I left immediately
and never looked back.

~~~
snowwrestler
I don't understand this comment. You left because the updates were frequently
required? Or because some aspect of applying the updates was difficult?

~~~
minsight
The application of updates required manually updating databases. There was an
easy-to-use installation procedure but the upgrade process was both not
automated and very easy to break.

The developers (at least at the time) were more interested in making repeated
breaking changes than they were in investing the effort to allow earlier
adopters a reliable upgrade process.

My irritation was that this was the metaphorical equivalent of a business
offering a fantastic deal to new customers but treating existing customers
with palpable disdain.

~~~
ajsalminen
What kind of manual steps are you talking about? Updating Drupal is usually
fairly straightforward, unless you're talking about an alpha/beta release
or doing a major version upgrade, and definitely doesn't require manual
database changes most of the time.

