[development] RFC: letting modules phone home to check for new releases
larry at garfieldtech.com
Wed Nov 22 04:55:51 UTC 2006
On Tuesday 21 November 2006 22:27, Derek Wright wrote:
> i want this to *help* the security team, not make our lives worse.
> that's why i'm reacting negatively.
Drupal 5 now has the ability to run from the command line, right? So make the
actual replace/upgrade process a command line only script. Checking which
new modules are available can and should be an automated process. Actually
doing the upgrade should be something you have go to well out of your way to
For the sysadmins in the crowd, there's nothing wrong with putting "apt-get
update" in your crontab. "apt-get upgrade" should only be run by the
sysadmin as root, by hand, and therefore when you know you're doing something
1) System auto-updates list of latest versions and lets you know if action is
2) Admin goes to command line and runs drupal-get.php download
3) Admin sets site to offline.
4) Admin runs drupal-get.php backup
5) Admin runs drupal-get.php upgrade
6) Admin runs update.php (or that can be done automatically by #5 if it's
7) Admin brings site back online.
The hard parts (downloading and unpacking) are all automated, but only when
the admin is on the command line (and therefore running as the owner of the
files anyway), and therefore (hopefully) knows exactly what he's doing. Yes,
this excludes people who are on a host that doesn't give them a shell. Given
the file permissions involved, I don't really know of a way around that.
*sits back to have the security holes pointed out in the above.* :-)
Larry Garfield AIM: LOLG42
larry at garfieldtech.com ICQ: 6817012
"If nature has made any one thing less susceptible than all others of
exclusive property, it is the action of the thinking power called an idea,
which an individual may exclusively possess as long as he keeps it to
himself; but the moment it is divulged, it forces itself into the possession
of every one, and the receiver cannot dispossess himself of it." -- Thomas
More information about the development