On Nov 18, 2006, at 9:47 AM, Steven Wittens wrote:
Perhaps this could be added to the status report instead.
i'm down with this, only not "instead". personally, once check_updates.module (or whatever) does it's daily ping home and has a locally cached table of out-of-date modules (and potentially themes + core), i'd be thrilled to see the admin literally bombarded with the fact they've got out-of-date (potentially insecure) modules installed: 1) on the modules page (since it's about modules, and that's where they'll be seeing the versions of their installed modules in the first place). 2) in the status report (grand idea) 3) as a little block that automatically appears any time you visit admin/* then, it'd be pretty hard to miss the fact you're out of date, and that you should do something about it. none of this is meant to replace the drupal.org/security RSS feed, and people are encouraged to use that however they wish. this whole proposal just supplements that mechanism with a more direct approach that tells people exactly what they have to know. once we start putting more work into security audits of contrib, our poor security RSS feed is going to start turning into the boy that cried wolf. :( of course, we must continue, but more and more, SAs are going to go out and people are going to say "oh, i don't care about that". now that we have the means, i want to see us use them to put only the relevant data, and all of it, exactly where the admins need it. thanks, -derek