There was another security release for Drupal today. I get the security announcements in my email. I open them right away. Sometimes the announcement will be about a module I do not use, and rejoicing ensues. Today, the announcement contained the dreaded word: core. Off to work, then.

Drupal security upgrades are really not that bad. They never break anything on the site, and this one had no database changes. I always back up the database anyway at update time, and for unimportant sites such as this one, update time may be the only time I do a backup. Really must automate that soon...

The thing is that Drupal seems to have security updates fairly often. I get that email every few months. This would be great for business if I was smart, but updates are so very trivial, and the potential for harm is so very great. I just do the update and move on. Don't you just wish I handled your site?

I can't understand why other systems can go so long between fixes. I ain't buying if you tell me Drupal ain't written securely to start with. It also has fewer lines of code compared to other solutions. I don't know why I need to upgrade so often. I do know I feel warm and fuzzy all over.