Just wanted to say thanks to the Magento team for using the Magento Connect Upgrade Manager to provide an automated upgrade path for most of us.
Please understand that this easy upgrade path for uncustomized Magento installations is crucial for small businesses who use your platform.
If you instead ask people to use the SSH patch commands etc., believe me, a big chunk of these people will be looking for ways to migrate away from Magento, because the SSH update is just too time-consuming for many small businesses, who need minimal tech maintenance.
In addition, SSH and the patch commands are problematic; especially "patch" is prohibited at 97% of webhosting companies, thereby you would be limiting your growth.
So cheers, and off to the pubs,
In your case this is probably the only best and also working way,
but unfortunately statistics show that Magento Connect Manager usually breaks everything in most cases.
In fact, patching bugs and fixes with SSH is the only proper solution.
If you are upgrading your shop, overwriting files from a zip archive is much better too.
You mean Connect Manager breaks non-customized Magento installations? I haven't had problems since I started updating only the Mage_All module, not all of them at the same time, which did break everything once.
I hope you mean that Connect Manager can break customized installations, because otherwise that does not sound good at all.
And about this file overwrite method: none of these patches ever do any direct database operations/modifications? So it is indeed safe to just overwrite the files?
And when you overwrite the files, what about the situation if the security fix was implemented in a new file(s)? The old exploitable files would remain in the system, and they may still pose some security threat, although I agree to a lesser degree.
Magento Connect is quirky at best for upgrading between Magento versions, in my humble opinion.
It is also particularly risky upgrading to a whole new Magento version to fix a security vulnerability, since 1.9.2.1 (for example) includes other code besides the fixes in SUPEE-6482. There is the potential for things to break in quite spectacular ways, particularly with themes that aren't compatible with the new versions.