update.module provides a setting for site admins to enter a set of email addresses to notify when the site is out of date. Should we make it so that by default, the site email address is filled in as the value for this setting, perhaps during the default core installer? If so, how (if at all) should we handle upgrades from D5? I guess we're not enabling update.module in that case anymore, but perhaps the warning message about enabling the module should mention it?
As per http://drupal.org/node/199685, the security newsletter is woefully under utilized, so it'd be nice to make drupal more secure out of the box by generating notification emails without the site admin having to hunt down this setting.
Short of the installer filling in the site email as the default, any other suggestions on how to make this setting more visible or more likely that site admins will use it? I hate to make the installer page too busy, but maybe another checkbox next to the one about opt in for "Send e-mail notification to the site email address when there are available updates"?
Maybe there should be a warning message printed on the available updates report if there are no email addresses configured for notification?
Just brain storming here, ideas welcome before someone tries to roll a patch. At this stage, talk is still gold. ;)
@Dries/Gabor: any hope this would land before the RC if someone comes up with an RTCB'ed patch? No sense wasting time on this if it's going to inevitably die in the end...
Comment | File | Size | Author |
---|---|---|---|
#33 | 199774-31.automatic_update_emails.patch | 4.87 KB | ugerhard |
#31 | 199774-31.automatic_update_emails.patch | 4.87 KB | dww |
#31 | 199774-31.automatic_update_emails.png | 40.76 KB | dww |
#29 | 199774-automatic_update_emails-rev5.patch | 5.09 KB | brianV |
#29 | 199774-email-updates-ui-change.png | 34.22 KB | brianV |
Comments
Comment #1
dwwComment #2
John Morahan CreditAttribution: John Morahan commentedWe should definitely do something.
Comment #4
lilou CreditAttribution: lilou commentedSee: #335122: Test clean HEAD after every commit and http://pastebin.ca/1258476
Comment #5
catchI missed this setting for a long time. Good idea, tests pass, RTBC.
Comment #6
Dries CreditAttribution: Dries commentedPlease add a code comment explaining (i) what it does and (ii) why we do this. :-)
Comment #7
John Morahan CreditAttribution: John Morahan commentedAdded a comment. I also changed it to use the administrator email instead of the site email, on the theory that if they are different, mail to the administrator is more likely to reach the right person.
Comment #8
catchI think this is a good idea, but we need to change the help text to say we're going to send e-mails to the administrator - otherwise we'll probably get complaints.
Comment #9
brianV CreditAttribution: brianV commentedPersonally, I like having it in a selectable checkbox on the install page. I think it's an important security feature, but at the same time, I don't need it for most of the sites I build & maintain, so the ability to turn it off at install time is appealing.
To that end, I've put it into the install screen with help text. See the screenshot.
Patch for D7 attached.
Comment #10
brianV CreditAttribution: brianV commentedtagging
Comment #12
brianV CreditAttribution: brianV commentedSetting to needs review - testbot was temporarily broken by #361277: Remove the 'post settings' admin screen and relocate contents
Comment #13
dwwThanks for moving this forward. I was happy to see it show up in my issues page with a patch. ;)
Note: the variable you're setting isn't just about security updates. There's a related setting, the "E-mail notification threshold", which controls if the emails are sent anytime there are available updates, or just if there are security updates available. Therefore...
A) The help text in the installer is therefore wrong in this patch/screenshot, since the default for the notification threshold is for all updates.
B) I don't think we want to also ask about the notification threshold in the installer. But, perhaps we should mention it in the footer of the emails. Something like:
?
C) Also, perhaps there should be a wee bit of JS to hide the email setting whenever the "Check for updates automatically" setting is unselected?
Comment #14
brianV CreditAttribution: brianV commentedYour suggestions sound good. I will reroll a patch later with the suggested changes.
Comment #15
brianV CreditAttribution: brianV commentedNew patch attached, with everything recommended by dww in #13.
Comment #16
brianV CreditAttribution: brianV commentedoops - typo in that last patch. New one attached!
Comment #17
webchickLet's get a screenshot of how this affects the installer, please.
Comment #18
dwwLooks good. Haven't tested (my laptop can no longer run D7 once dbtng landed and PDO is a requirement -- it's on my list to recompile everything!). My two lingering concerns:
D) (probably should move to a separate issue) Why don't we have system.installer.js or misc/installer.js or something for JS that's only used in the installer? Seems sort of a shame to put functions that are only ever invoked via the installer into system.js itself to bloat other pages. Luckily, system.js is *not* installed on every page load, so it's less of a concern, but still...
E) The translators are going to have a fit with this. This split assumes every language will work grammatically the same way as English. They're also going to complain that the $notification and $alternate fragments don't have enough context. I think what we really need is to just have two complete strings for the whole thing, and let the conditional select which complete string to use based on the current setting.
Moving to "needs work" for (E). (D) is really more a "needs review" question... ;)
Comment #19
dwwFixed (E). Still wondering about (D).
@webchick: Screenshot (slightly stale wording, but the basic idea) is at http://drupal.org/files/issues/email-updates.png from comment #9.
Comment #20
dwwSide note: this JS stuff cries out for the '#dependency' goodness from CTools. ;)
Comment #21
brianV CreditAttribution: brianV commented@dww - I think (D) is something that should be done. However, I think that's a separate issue.
Good work on fixing the t() problems. I thought about that as I was writing it.... and promptly forgot about it. :p
@webchick - I am attaching two new screenshots (although the text may be *slightly* changed by dww's patch). One screenshot is with them both checked, the other is with the automatic updates box unchecked, and the new text stuff hidden.
Note that the JS unchecks the new checkbox as it is hidden, so it will always have an appropriate value when submitted.
Comment #22
Bojhan CreditAttribution: Bojhan commentedSorry, but it is not needed to show this as option. Put it away in some configuration somewhere, but not on the installer.
Comment #23
webchickThe case has been made for why it needs to go in the installer, but I agree that this is tossing an awful lot of information at someone who doesn't even know what Drupal is yet. I think we need to at least:
1. Move update stuff to its own fieldset.
2. Shorten the description by at least 50 words. :P
Perhaps:
Comment #24
dww@Bojhan: Once upon a time I wanted update.module to be on by default, but people raised a stink about that it has to be opt-in and to put it on the installer (#178581: beta 3 breaker: update.module: opt-in, not opt-out). So, we can't remove all this from the installer without reopening that (thorny) issue. Furthermore, this other piece, the email notifications, is already an option somewhere. The point of this issue is that to enhance the security of sites, it's nice if this option is on by default...
@webchick: Sure, we could combine it into a single "question". I have no time for that today, so maybe BrianV can take another stab at it...
Comment #25
Bojhan CreditAttribution: Bojhan commentedugh, I am really not liking this trend. Why can't someone just install Drupal and do all the other stuff later. It makes no sense at all, there should be a sensible default on this and an easy changer.
Comment #26
brianV CreditAttribution: brianV commented@dww: No time to take a stab at it today - gonna have to do it Monday, unless you beat me to it.
Comment #27
dww@Bojhan: I completely agree. Please reopen #178581 and try to convince everyone there that the "sensible default" for this should be that update.module is enabled and it's automatically configured to send emails to uid 1's email address until configured otherwise. Good luck. ;)
Comment #28
Bojhan CreditAttribution: Bojhan commentedSpoke to webchick, I will just give up. Battling a security decision is rather useless, especially when you will also have to battle an opt-in discussion. Catch suggested doing something with the normal and minimal install profile, but that probally won't fly either.
Comment #29
brianV CreditAttribution: brianV commentedAlmost two months later, I finally got around to making another revision of this. It should satisfy webchick's suggestions in #23.
I've also attached a screenshot of the interface change. When the 'Check for updates automatically' checkbox is deselected, the 'Recieve e-mail notifications' checkbox is hidden via jQuery magic.
Comment #30
dwwCool, thanks for re-rolling! Some minor visual gripes:
F) "Update Notifications" should be "Update notifications".
G) It's too bad we have the same title twice, once on the fieldset, once on the set of checkboxes. Maybe we can skip the #title on the checkboxes and just use the one from the fieldset?
Also, still wondering about (D) from #18. Anyone know of an issue to move installer-specific js out of system.js?
Comment #31
dwwFixes (F) and (G). Tested and it works as advertised. This is RTBC as far as I'm concerned. (D) is clearly for a separate issue. Anyone else care to give this a look before it's really RTBC? Thanks.
Comment #32
ugerhard CreditAttribution: ugerhard commentedIt should be "receive", not "recieve" (see screenshot).
Comment #33
ugerhard CreditAttribution: ugerhard commentedCorrected the typo
Comment #34
brianV CreditAttribution: brianV commented@dww - Nice - those are definite improvements. With respect to creating an installer.js, it may or may not be necessary. How much installer-specific JS is in the system.js?
@ugerhard - thanks for catching that!
I think this patch looks pretty good all around. I am going to RTBC it, since we have a bunch of people in favour of it, and only one person who doesn't like it.
Comment #35
Dries CreditAttribution: Dries commentedCommitted to CVS HEAD. Thanks!