Contrib.social

[meta] Improve security release update rate

Open on Drupal.org β†’
Created on 16 January 2013, over 12 years ago
Updated 17 April 2025, 5 days ago

Problem/Motivation

When a security update comes out sites are upgrading slowly. You can see this by looking at the usage metrics for popular contrib modules that have had a security release: http://drupal.org/security/contrib. This problem also affects Drupal core.

There are probably several reasons why a site maintainer doesn't upgrade quickly:

  1. Security releases (for contrib) most often also include bug and feature changes complicating an upgrade
  2. Lack of perceived risk or effectiveness to the vulnerabilities
  3. Not knowing or seeing that an update is available

Proposed resolution

Each reason should be addressed, but reasons 3 (and possibly 2) are in the realm of Drupal core through UI or API changes.

  1. GET DATA - poll and user testing, coltrane will begin on this
  2. Analyze it
  3. ✨ Improve relevancy of security update notifications within your Drupal site Active

To address reason 3 it would be beneficial to have some user data on how well users are able to navigate and understand the available update pages in core. I plan to help setup some user testing to collect some data.

Related: #1254128: Unify update pages β†’

✨ Feature request
Status

Postponed: needs info

Version

11.0 πŸ”₯

Component

update.module

Created by

πŸ‡ΊπŸ‡ΈUnited States coltrane

Live updates comments and jobs are added and updated live.
  • Usability

    Makes Drupal easier to use. Preferred over UX, D7UX, etc.

  • stale-issue-cleanup

    To track issues in the developing policy for closing stale issues, [Policy, no patch] closing older issues

Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment 5 days ago β†’
    πŸ‡ΊπŸ‡ΈUnited States smustgrave

    Thank you for sharing your idea for improving Drupal.

    We are working to decide if this proposal meets the Criteria for evaluating proposed changes. There hasn't been any discussion here for over 8 years which suggests that this has either been implemented or there is no community support. Your thoughts on this will allow a decision to be made.

    Since we need more information to move forward with this issue, the status is now Postponed (maintainer needs more info). If we don't receive additional information to help with the issue, it may be closed after three months.

    Thanks!

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024