Drupal best practice - I want to know what you think about updates
Hi All,
I want to know what you all think about updating modules and a few other things!
Recently I've had a few new clients needing updates to both code and content. At first inspection most had some very outdated module versions which showed up as security risks. I am referring to both minor updates of Drupal core and add-on modules. It was always my understanding that if the module is working and shows that a newer version is available, leave it alone unless it shows a security risk warning. So, using this practice, I've been happily keeping all my clients sites updated according to the 'if it isn't broken, don't fix it' rule unless a security warning pops up..
In one recent case, one very small site - there were 11 security risks! There were also a few modules that probably should have worked but didn't for whatever reasons and when enabled showed very peculiar errors. I suggested that the client provide a budget that allowed m.e to make a full backup of everything and then I would update things until there were no more security warnings... My hope was that by eliminating the security risks and also updating some of the problematic modules, that they would work as designed! The client almost freaked out at this request. The original developer stated that he would not take any responsibility for things not working if I updated the site and even wrote that it's best not to update because things usually get screwed up!
I thought this a bit strange and now I am suspicious because all kinds of little things that normally work on other sites do not on this one... so, what do you all think? Do you update routinely, how often? What are the criteria you use to decide what and when to update?
It's always been my practice to make full backups before handing over access to the client. If something is screwed up, at least I can go back to the point of handover... What do you all do? My instinct tells me to run as far and I can from this client who is not interested in keeping his site risk free? In 3 years, I've only had one problem that was probably due to security so what are your thoughts?
Would love to hear from some hackers or those that practice keeping hackers out... :)
I also recently had a very strange attack on a webform which finally went away when I upped the captcha image to 7 characters... the attack seemed targetted and the messages sent 'almost seemed to try and be clever' but it was clear it was some kind of bot.
Anyone care to get together for an evening to discuss best practice for updating and other design issues?
I've seen a lot of sites recently that had page layout coded using template pages instead of the more flexible blocks method or more sophisticated uses of views or even panels (which I am not so fond of because usually you can get away without them!).
I am looking forward to your thoughts on these subjects!
Susan
PS
as far as venue for this possible meeting, I can offer my home, located in the Sharon Region (near Netanya)...
updating modules must never
updating modules must never ever break a site
if it does break , then something is seriously wrong
either the developer has done really bad work in integrating with them
or the modules themselves are bad quality and shouldn't have been used in the first place
in my opinion the community in drupal have convinced themselves that relying heavily on contributed modules releases them from studying core drupal api and documentation
and this is why it leads many of the times to poorly developed drupal sites
here is a relevant comment :
http://www.drupal.org.il/node/5198#comment-14674
since that comment i have learned more on working with contributed modules and believe it is possible to work with them without problems but it still depends on the developer's quality
yakoub abaya