Jeff Eaton wrote:
It was suggested that, on clean Drupal installations, we automatically enable the aggregator.module, that we subscribe it to the 'Drupal security announcement' feed, and that we show a 'Drupal security announcement' block on some or all administration pages. This might be a simple but effective step towards a better notification mechanism.
It is certainly a step in the right direction.
This is a GREAT idea. It's worth noting that most other CMS systems, including WordPress, do this in their administration sections. The only trick, I think, is Aggregator.module's dependence on cron. Until a user configures that bit of the system, they won't get any security announcements.
We could instruct the user to invoke cron.php manually after update. The installer could run cron.php after completing the installation. Cheers, Gerhard