Robert Cannon's picture


Love the concept. I came looking for a Moodle VM, but as far as I can see, you are only shipping Moodle 1.8? As far as I know, most Moodle installations have moved on to 1.9 and are eagerly awaiting 2.0.   There are so many security and usability issues with 1.8, that the general advice seems to be to go for 1.9 at present (it was released in March 2008, so is pretty stable now). I'm not sure why still has 1.8 for download even - I guess some people can't have upgraded.

Anyway, it would be really great to have a Moodle applicance with Modle 1.9 on it, and I'd guess that 's what most moodle admins would be wanting. Although the full 2.0 is not out yet, doing a VM with the current 2.0 snapshot could generate a lot of interest in the moodle world too.



Liraz Siri's picture

Appliances are assembled from supported packages in the base release we use (Ubuntu 8.04.3). If a supported package is not available from Ubuntu we will sometimes use the supported Debian Lenny package. Supported means supported with security updates.

The 2009.10 version of TurnKey Moodle uses the Moodle package from Ubuntu 8.04 LTS release. The package is fully supported with Ubuntu security updates which are auto-updated daily so there is no need for concern regarding security issues. See the documentation.

It's a bit confusing because often with other systems you have to upgrade to a newer version to get a security update but Debian and Ubuntu don't do things that way. Instead of forcing you to upgrade to a newer version which may break your site, security fixes are backported to the old version.

Note that in April a new version of Ubuntu LTS will come out and new releases of all appliances will follow, including the Moodle appliance. We also plan on building Debian based appliances.

Robert Cannon's picture

OK - thanks.  I'm not concerned about system level security which I'm sure the ubuntu people fix, but  design issues with Moodle itself.   Eg, 1.8 lets users use trivial passwords wheras 1.9 has some password security checking.

Liraz Siri's picture

You're right. Design level security vulnerabilities such as password strength verification probably aren't back ported. Unfortunately I don't see a 1.9 based version of Moodle even in Debian sid, so if you want 1.9 you'll probably have to install from source. You can start from either TurnKey Core, or by modifying your TurnKey Moodle installation. Obviously that's not going to be as easy as using the appliance as-is.

Add new comment