Bèr Kessels wrote:
Op zaterdag 18 november 2006 11:44, schreef Karoly Negyesi:
Huh? Last I checked drupal.org/security had an RSS feed and Drupal core had an aggregator which can do blocks and we have excellent control over block visibility.
This is almost exactly what I mean. Its works now, needs no patches, no modules and no develoment/. It can be done now.
Two other points. 1) It's hard to argue that highly targeted security announcements are a bad idea. If 1) drupal.org tracks what modules have security problems and the solution, and 2) a site can ask drupal.org for this information an all its modules, sites owners can be properly informed. We know that many people continue to run with old versions of the software. We can reduce that number a lot. 2) This information can be given via drupal_set_message on /admin, not via blocks which can be misconfigured due to user error. We can be certain that the right messages are delivered to the right people.