There seems to be a conflict with Droptor 6-x-2.8 and Update Notifications Disable Module.

The symptop is inability to connect to feed and you'll get this php error:
Fatal error: Call to undefined function update_get_available() in ...modules/contrib/droptor/droptor_feed.inc on line 88

The fix is to remove the update_notifications_disable module completely.

The support request is to make this degrade nicely or even add something to admin/reports/status that tells user the incompatiblity, etc.

At least noting the fix here might help someone else...

http://drupal.org/project/update_notifications_disable

Comments

jemond’s picture

jemond commented

Interesting. I guess a function_exists call, or a check for this modue, might be needed. Added to the queue.

sethviebrock’s picture

sethviebrock commented
Version: 6.x-2.8 » 7.x-4.0
Issue summary: View changes

This is still an issue in 7.x-4.0:

PHP Fatal error: Call to undefined function update_get_available() in droptor/droptor.feed.inc on line 138

We do managed security updates for our clients in a risk management framework/mindset, wherein only vulnerabilities that apply to the site are updated. We do updates in batch unless a severe CVE is released, and we don't want clients seeing the Drupal updates message and panicking needlessly about some security update that is totally irrelevant to their site.

jemond’s picture

jemond commented

You should really be installing all the updates, not just the ones that you identify as high risk.

jemond’s picture

jemond commented

Feel free to attach a patch here if anyone else comes across this issue, it would be good to do a function_exists() check in any event.

sethviebrock’s picture

sethviebrock commented

No, we should be installing the updates that are *actual* vulnerabilities. If the vulnerability is for authenticated users and the only auth'd user on the site is an admin, the vulnerability does not apply in our scenario. http://searchsecurity.techtarget.com/Six-steps-for-security-patch-manage...

But, yes, will attach a patch. Thanks!

jemond’s picture

jemond commented

@sethviebrock, no need to argue this, but you should be installing all of them. That blog post doesn't apply to how patches should be managed in Drupal. Every platform is different. Way way back when I managed Windows servers this maybe was the case (IIRC), but not with Drupal.

Anyway, I'll watch for the patch. Thanks!

sethviebrock’s picture

sethviebrock commented

Good thing we're not arguing, because you definitely are not providing an argument. Who the heck do you think you are in telling me how to manage my infrastructure for my business? I thought you could extrapolate from the *concepts* in the blog article and apply them to Drupal, without it saying "Drupal blah blah blah Drupal blah blah Drupal" in the blog post. Every business is different. If we're managing a legacy D6 site that is unstable but with budget restrictions (because it's a nonprofit with a constricted budget), we're not going to charge that customer for unnecessary updates. Do you work for Droptor? I am contacting them right now.

jemond’s picture

jemond commented

I am Droptor's creator. Didn't mean any offense. It all depends on how you define "necessary." ;)