[development] RFC: letting modules phone home to check for new releases

Earl Miles merlin at logrus.com
Sat Nov 18 17:50:27 UTC 2006


Bèr Kessels wrote:
> Op zaterdag 18 november 2006 11:44, schreef Karoly Negyesi:
> 
>>Huh? Last I checked drupal.org/security had an RSS feed and Drupal core had
>>an aggregator which can do blocks and we have excellent control over block
>>visibility.
> 
> This is almost exactly what I mean. Its works now, needs no patches, no 
> modules and no develoment/. It can be done now.

Two other points.

1) It's hard to argue that highly targeted security announcements are a bad 
idea. If 1) drupal.org tracks what modules have security problems and the 
solution, and 2) a site can ask drupal.org for this information an all its 
modules, sites owners can be properly informed. We know that many people 
continue to run with old versions of the software. We can reduce that number a lot.

2) This information can be given via drupal_set_message on /admin, not via 
blocks which can be misconfigured due to user error. We can be certain that the 
right messages are delivered to the right people.



More information about the development mailing list