[development] RFC: letting modules phone home to check for new releases
drupal at dwwright.net
Sat Nov 18 18:28:45 UTC 2006
On Nov 18, 2006, at 9:47 AM, Steven Wittens wrote:
> Perhaps this could be added to the status report instead.
i'm down with this, only not "instead". personally, once
check_updates.module (or whatever) does it's daily ping home and has
a locally cached table of out-of-date modules (and potentially themes
+ core), i'd be thrilled to see the admin literally bombarded with
the fact they've got out-of-date (potentially insecure) modules
1) on the modules page (since it's about modules, and that's where
they'll be seeing the versions of their installed modules in the
2) in the status report (grand idea)
3) as a little block that automatically appears any time you visit
then, it'd be pretty hard to miss the fact you're out of date, and
that you should do something about it.
none of this is meant to replace the drupal.org/security RSS feed,
and people are encouraged to use that however they wish. this whole
proposal just supplements that mechanism with a more direct approach
that tells people exactly what they have to know.
once we start putting more work into security audits of contrib, our
poor security RSS feed is going to start turning into the boy that
cried wolf. :( of course, we must continue, but more and more, SAs
are going to go out and people are going to say "oh, i don't care
now that we have the means, i want to see us use them to put only the
relevant data, and all of it, exactly where the admins need it.
More information about the development