Robert Cannon's picture


Love the concept. I came looking for a Moodle VM, but as far as I can see, you are only shipping Moodle 1.8? As far as I know, most Moodle installations have moved on to 1.9 and are eagerly awaiting 2.0.   There are so many security and usability issues with 1.8, that the general advice seems to be to go for 1.9 at present (it was released in March 2008, so is pretty stable now). I'm not sure why still has 1.8 for download even - I guess some people can't have upgraded.

Anyway, it would be really great to have a Moodle applicance with Modle 1.9 on it, and I'd guess that 's what most moodle admins would be wanting. Although the full 2.0 is not out yet, doing a VM with the current 2.0 snapshot could generate a lot of interest in the moodle world too.



Liraz Siri's picture

Appliances are assembled from supported packages in the base release we use (Ubuntu 8.04.3). If a supported package is not available from Ubuntu we will sometimes use the supported Debian Lenny package. Supported means supported with security updates.

The 2009.10 version of TurnKey Moodle uses the Moodle package from Ubuntu 8.04 LTS release. The package is fully supported with Ubuntu security updates which are auto-updated daily so there is no need for concern regarding security issues. See the documentation.

It's a bit confusing because often with other systems you have to upgrade to a newer version to get a security update but Debian and Ubuntu don't do things that way. Instead of forcing you to upgrade to a newer version which may break your site, security fixes are backported to the old version.

Note that in April a new version of Ubuntu LTS will come out and new releases of all appliances will follow, including the Moodle appliance. We also plan on building Debian based appliances.

Robert Cannon's picture

OK - thanks.  I'm not concerned about system level security which I'm sure the ubuntu people fix, but  design issues with Moodle itself.   Eg, 1.8 lets users use trivial passwords wheras 1.9 has some password security checking.

Liraz Siri's picture

You're right. Design level security vulnerabilities such as password strength verification probably aren't back ported. Unfortunately I don't see a 1.9 based version of Moodle even in Debian sid, so if you want 1.9 you'll probably have to install from source. You can start from either TurnKey Core, or by modifying your TurnKey Moodle installation. Obviously that's not going to be as easy as using the appliance as-is.

Lewis Carr's picture

Hello both,

I downloaded the VM image and installed it locally using Virtual Box.  I upgraded to 1.9 using FTP and then running the upgrade script.  It did report several errors but the upgrade has worked so this is an option.  I suppose one could then recompile this image so that a 1.9 version can then be deployed as standard.  Moodle Networking will not work as the php_xml_rpc module is not configured in the build so there would be some tweaking required to PHP also.

Jeremy Davis's picture

But you need to be aware, once you upgrade manually you will no longer receive automatic security updates for the Moodle components.

Because of this the Moodle appliance will not be released like you have suggested.

But don't despair the next TKL release will be based on the newer Ubuntu Lucid. The TKL Lucid Moodle appliance will come with Moodle 1.9.4 and will get automatic security updates from Ubuntu.

daleknight's picture

Jeremy, where can I still download the moodle appliance you have described in your post above?

Jeremy Davis's picture

Unfortunately he old TKL appliance which included Moodle 1.8 is no longer available (although you could recreate it yourself if you wished - AFAIK the old 'legacy' Core appliance is still available and Moodle 1.8 can be installed from package managment). As it turned out there was problems with the package management version of Moodle 1.9 running on Ubuntu 10.04/Lucid (the basis of TKL v11.x). I think the main issues where because of php v5.3 although I don't 100% recall.

Add new comment