Automatic Updates Initiative meeting on Jun 27, 2023

Created on 14 June 2023, about 1 year ago

Updated 4 January 2024, 6 months ago

This meeting:
➤ Is for core developers, initiative contributors, the Drupal Association and anyone interested in the initiative.
➤ Usually happens every other Tuesday at 1700 UTC.
➤ Is done over chat.
➤ Happens in threads, which you can follow to be notified of new replies even if you don’t comment in the thread. You may also join the meeting later and participate asynchronously!
➤ Has a public agenda anyone can add to
➤ *Transcript will be exported and posted* to the agenda issue. For anonymous comments, start with a :bust_in_silhouette: emoji. To take a comment or thread off the record, start with a :no_entry_sign: emoji.

Transcript

0️⃣ Who is here today? Comment in the thread below to introduce yourself and tell us why you are joining us.

1️⃣ Do you have any topics to propose for the meeting today? Feel free to propose them in this thread, and then I will give them their own unique threads for discussion. Conversation moving slow? Go ahead and open your own thread in the next numeric order.

2️⃣ Security Audit - OSTIF has been informed that we have budget to proceed and is currently arranging the internal RFP with the groups they've worked with for Python and Go TUF implementations. I should here from them soon.

3️⃣ Resolving the issue of some targets being missed:https://gitlab.com/rugged/rugged/-/issues/139#note_1446410437@ergonlogic has found the likely source of the bug, so hopefully we'll have a fix soon.Drumm is now on vacation, but has given me the steps required to update and re-send the targets when that is fixed, so we can keep this moving.

4️⃣ We released 3.0.0-Alpha4 https://www.drupal.org/project/automatic_updates/releases/3.0.0-alpha4Some → things that got in#3364735: WritableFileSystemValidator does not check if the project root is writable - Found at Drupalcon:tada:#3345484: Status check error and warning summary messages do not make sense on the updater forms - Not found at Drupalcon but testers did mention that this was confusing#3365151: Update Composer Stager to 2.0.0-alpha2 to resolve a bug in the rsync file syncer#3253828: Use static analysis to detect new update functions, to reduce false positives in StagedDBUpdateValidator Huge thanks to @phenaproxima for figuring out how to do this without an extra prod dependency. Basically we don’t support DB updates on Cron updates and this stops false positives where we think there might be a DB update and don’t apply an (possibly critical security) update during cron

5️⃣ I spent some time yesterday updating the roadmap issue ( 🌱 Drupal 10 Core Roadmap for Automatic Updates Active ). I think the alpha-blockers list is pretty complete as far as what we know about: more issues might still surface as code reviews and security audits are performed.

6️⃣ There's 4 months left between now and 10.2's alpha. While it would be great to be able to have Automatic Updates releasable as a core beta experimental module in 10.2, 4 months is not a lot of time to finish all the currently listed items in that roadmap's alpha and beta lists, as well as the security audit, remediation of whatever that audit finds, and other things that get surfaced by code reviews.

7️⃣ Wanting to let people know about 🌱 [policy, no patch] Make PHP's OpenSSL extension a requirement for installing and using Package Manager (and therefore, Automatic Updates and Project Browser) Fixed . I'm going to update the title and summary to reflect the choice to require it per comment #5 and then RTBC the issue. But wanting to surface it here in case anyone else wants to offer a different perspective. Drupal has a long history of accommodating hosts that can't use SSL, so it's a pretty big deal to change away from that, but I think warranted given that GitHub requires it.

Participants:

hestenet, effulgentsia, xjm, catch, tedbow

📌 Task

Status

Fixed

Version

2.0

Component

Meetings

Created by

🇺🇸United States hestenet Portland, OR 🇺🇸

Live updates comments and jobs are added and updated live.

contrib-only

Comments & Activities

Issue created by @hestenet
Comment about 1 year ago →
🇺🇸United States hestenet Portland, OR 🇺🇸
Status changed to Fixed 7 months ago5:38pm 8 December 2023
Comment 7 months ago →
🇺🇸United States phenaproxima Massachusetts
Old meeting; this issue is fixed!
Comment 6 months ago →
🇬🇧United Kingdom catch
hestenet → credited catch → .
Comment 6 months ago →
🇺🇸United States effulgentsia
hestenet → credited effulgentsia → .
Comment 6 months ago →
🇺🇸United States tedbow Ithaca, NY, USA
hestenet → credited tedbow → .
Comment 6 months ago →
🇺🇸United States xjm
hestenet → credited xjm → .
Comment 6 months ago →
🇺🇸United States hestenet Portland, OR 🇺🇸
Comment 6 months ago →
🇺🇸United States xjm
Amending attrinution.
Status changed to Fixed 6 months ago8:49am 4 January 2024
Comment 6 months ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions

Production build 0.69.0 2024