[development] RFC: letting modules phone home to check for new releases

[Derek Wright]

On Nov 18, 2006, at 9:47 AM, Steven Wittens wrote:

> Perhaps this could be added to the status report instead.

i'm down with this, only not "instead".  personally, once  
check_updates.module (or whatever) does it's daily ping home and has  
a locally cached table of out-of-date modules (and potentially themes  
+ core), i'd be thrilled to see the admin literally bombarded with  
the fact they've got out-of-date (potentially insecure) modules  
installed:

1) on the modules page (since it's about modules, and that's where  
they'll be seeing the versions of their installed modules in the  
first place).

2) in the status report (grand idea)

3) as a little block that automatically appears any time you visit  
admin/*

then, it'd be pretty hard to miss the fact you're out of date, and  
that you should do something about it.

none of this is meant to replace the drupal.org/security RSS feed,  
and people are encouraged to use that however they wish.  this whole  
proposal just supplements that mechanism with a more direct approach  
that tells people exactly what they have to know.

once we start putting more work into security audits of contrib, our  
poor security RSS feed is going to start turning into the boy that  
cried wolf. :(  of course, we must continue, but more and more, SAs  
are going to go out and people are going to say "oh, i don't care  
about that".

now that we have the means, i want to see us use them to put only the  
relevant data, and all of it, exactly where the admins need it.

thanks,
-derek