Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Blocker for #635892: Create a project_package module for packaged install profiles on d.o, depends on #642106: Add native support in project_release for a "Release type" vocabulary...
Once we have a "Release type" vocab, we need a way to specify that a specific term in that vocab marks a release as a "Security update" (or whatever you want to call it) so that we can provide true update_status-esque reporting for packaged install profile release nodes, including marking items in the package as "not secure", etc.
For the very short term, we'll just define a variable in settings.php to get this going. Eventually, we'll want a UI on the admin settings page to select which term(s?) should be treated as a security update.
We're also going to want a {project_release_nodes}.security_update column to make all the views-support much more sane.
Once we do all this, we can also consider moving some of the special-case code from drupalorg.module that treats this term special into project_release itself, e.g. the stuff to confirm that the user really wants to mark a release as a security update, and the stuff in package-release-nodes.php to not automatically publish security updates can be handled in a more general way than the hard-coded stuff it does now...
| Comment | File | Size | Author |
|---|---|---|---|
| #1 | 642110-1.prn_security_update.patch | 4.27 KB | dww |
Comments
Comment #1
dwwTODO:
A) Admin UI for selecting a term
Otherwise, this is pretty much done.
p.s. see #642904: Replace project_release_db_save() or vastly simplify it via drupal_write_record()
Comment #2
hunmonk commentedthis looks good so far...
Comment #3
dwwCommitted #1 to HEAD. Back to active for (A) and anything else that comes up.
Comment #4
hunmonk commentedbumping down priority, since we have what we need for phase 0 packaged install profiles.
Comment #5
dwwThis still needs to happen before a 6.x-1.0 release, but it's not blocking packaged install profiles anymore, and I'm not actively working on it right now...