Scott McLewin wrote:
Gerhard Killesreiter wrote:
This is a GREAT idea. It's worth noting that most other CMS systems, including WordPress, do this in their administration sections. The only trick, I think, is Aggregator.module's dependence on cron. Until a user configures that bit of the system, they won't get any security announcements.
We could instruct the user to invoke cron.php manually after update. The installer could run cron.php after completing the installation.
The concept of an administration block that shows up when patches are available is a good one, especially if a default Drupal install had it enabled for the administrator out of the box.
To work through some of the dependence on sites running cron, I propose that this same block also show a notice if cron has not been run in over two weeks (or some reasonable time frame that is measured in days and not hours).
++
The block would alert the admin to the fact that cron has not run since date DD MMM, YYYY and provide a link to click to check for security updates. That link could kick off cron. There is an issue of the user than expecting a response quickly (which cron does not necessarily provide). It also assumes that Drupal stores the time/date of the last successful cron run. If it does not, that's an easy patch.
It does store the dates of watchdog events.
I'd find this useful personally in two ways. First, in the context described here it would help catch the cases where an admin would miss security updates because the aggregator did not run to draw down the RSS feed of the updates. Second, I've made the same mistake several times across the Drupal based sites I manage. I've typically forgotten to modify cron-lynx.sh to point to my site and not www.example.com, and I forget to make the change until I notice that cron-driven content is a week or three out of date. I've since moved cron-lynx.sh out of the Drupal tree - this sort of admin warning that cron is not running would have helped me catch what is a slightly embarrassing mistake. Hopefully it's not just me making it. :)
I think this would be a useful extension of the patch. I suggest somebody open an issue and collect ideas there (if there isn't already one, please check that before). Cheers, Gerhard