Upgrading/Updating Magento â
What exactly is the best method or methods for upgrading, updating and/or maintaining Magento and Magento Packets?
SVN (SubVersion) -
I see in research that some posts make reference to SVN â which appears to be a nightmarish âcode-headâ method of updating software. In the forum and Wiki there are plenty of references to SVN and using it to update parts of Magento, but trying to find laymenâs documentation on how to actually use SVN is a whole other story, it is most difficult to find simple how to instructions for SVN.
Links for how to use SVN would be nice. A step by step tutorial for SVN would also be nice. My research shows that SVN appears to be a very powerful package but one needs a âcertified code-headâs degree,â to understand how to use SVN.
It would also be nice if we were told at the time of installation that SVN would be needed so that server adminâs could ensure that SVN was loaded and available. There is nothing more frustrating than to find out at a later date â âoh I need this packageâ, only to have to go get it, install it and worry about what it might break.
Magento Connect â
Once installed one finds the Magento Connect in the admin. This appears simple enough, you find the contribution you want and you put the key in and whola it is downloaded and installed.
But wait, you must make all folders web writeable to use Magento Connect, one must ask â âis this a wise idea?â I have never seen good things happen with all files and/or folders set to 777, in fact we have experienced several problems with folders and/or files being set to 777 so I wonder if this is a good thing? Then I find out that under the Wiki it says â for those who donât want to make folders and files 777, you can use PEAR.
What we need here is a script or button one can run/click that temporarily sets the correct permissions on all Magento files and folders to allow for the use of Magento Connect. Once done using Magento Connect, the admin could then run the script again or click the button and switch the files and folder permissions back to something more secure than 777.
For those of us that donât use PEAR all the references to PEAR are âgreekâ to us non-pear users. So once again it appears that we have another update option, which we must learn. I am not opposed to learning PEAR and actually after researching it PEAR does appear to be fairly easy to use but nothing with Magento seems to be standardized.
Links to PEAR documentation would be helpful for those of us having to learn or refresh our knowledge on the use of PEAR. From the examples in the Wiki, it was most difficult to find out how to add the Magento channels to PEAR.
It would have been useful for admins and installers to be made aware of the PEAR option in the beginning during or before installation so as to prevent frustration and confusion brought on by a desire to update current software. Basically no one likes surprises.
YUM & APT-GET . . .?
Both YUM and APT-GET are universally accepted as mature stable packet managers in all the most popular Linux distros, it would seem to me that Magento being praised as the new upcoming, cutting edge shopping cart would follow suit with others in the field and employee one or both of these packet management systems
I posted a thread asking about YUM and not one person responded. My question here is simple, what is wrong with YUM? Are there any future plans to implement the use of YUM?
I posted a thread asking about APT-GET and not one person responded. Again â my question here is simple, what is wrong with APT-GET? Are there any future plans to implement the use of APT-GET?
I would like to know from other Magento users and admins the following:
1. What have you found to be the best method or methods for updating/upgrading and maintaining Magento?
2. How many forms of updating and upgrading are used in Magento? Specifically what methods of updating and upgrading have I missed in this post that I might encounter and have to learn? I know of SVN and PEAR â what else is there I am missing or will encounter?
3. Has anyone written a script that will temporarily change all Magento files/folders to 777 and allow one to run Magento Connect, then after updating or installing packets, one could run another script that will reset all Magento folders back to the previous privilege settings as they were prior to updating or installation? For those of us that work from the command line, to CHMOD and get everything back the way it was before running Magento Connect would be a laborious chore to have to do each time one wanted to use Magento Connect.
4. Has anyone experienced any SECURITY problems running all Magento folders/files set to 777 just so they could use Magento Connect?
Standard linux conventions dictate that one does not want to run any file or folders at 777 unless one has to for a very specific reason. Myself and other Linux admins I have talked to are generally under the impression that running files and folders unnecessarily set to 777 is a security risk.
If I am incorrect about running all files and/or folders set to 777 being a security risk can anyone please illustrate to me how this is not a security risk?
I would like to know the URLâs of stores running their entire installation of Magento set to 777, I would like to look at some of these stores.
Upgrades, Updates, SVN, PEAR, YUM, Magento Connect, APT-GET,