[development] RFC: letting modules phone home to check for new releases
Derek Wright
drupal at dwwright.net
Wed Nov 22 02:11:32 UTC 2006
On Nov 21, 2006, at 5:54 PM, Sammy Spets wrote:
> The file must be manually created prior to the upgrade though a way
> to generate the file is provided.
you lost me. ;) if the admin has to manually type in the random key
to allow the "automatic" update to do its thing, what's the point of
calling it "automatic" and giving the website filesystem write access
to clobber itself?
why not just say "human intervention is REQUIRED"?
1) put site into system maintenance mode
2) backup DB and filesystem
3) run some "fetch_latest.php" script that knows all your installed
modules, downloads the updated tarballs, unpacks them into place, etc
4) run update.php
5) test to make sure life is good
6) leave system maintenance mode and return to live operation.
i'm happy to see steps #2 and #3 as automated as possible, but #3
should definitely run as the high-privileged admin's uid, not the uid
of the webserver process itself.
anything less would be uncivilized... ;)
-derek
More information about the development
mailing list