Closed patrickzurek closed 7 years ago
JIRA Comment by user: pkiraly JIRA Timestamp: 2012-09-12 06:07 PM
Comment body:
The problem is, that in installation script and profile we should record the actual version numbers of Drupal core, and modules. Even if we don't improve the Drupal Toolkit, others might release new versions of their modules. Some of the changes might reflect fixing security holes. These releases are distinct ones, and Drupal knows them. When the user install Drupal with our installer, and check status, she will see, that the newly installed Drupal might contain security risks, because of outdated components.
The suggested the solution is, that we should keep the xc_installation profole/script updated, and when a new version of Drupal core or module comes up, we should update the script, and create a new release. None of the component updates require such action, only those which about Drupal makes a suggestion. Technically it means, that one at every months, we should run a check with the latest xc_installation release about updates. In Drupal there is a update checker, so technically it means, that somebody should install a fresh copy, and check update status. If there is at least one important update, the xc_installation project should be refreshed, a new release candidate should be created, and test. If all goes well, a new version should be created.
JIRA Comment by user: mwesley JIRA Timestamp: 2012-09-13 07:15 AM
Comment body:
Peter is right. In summary, this would mean probally releasing the Installation Profile more frequently than the Drupal Toolkit, to keep up with Drupal version changes.
In addition, there is another non-similar security issue. This one is with the use of the JQuery UI Dialog API module, which is unsupported by Drupal due to some weird security controversy. I think we could remove dependency with this module, which would be useful since it's a bit more difficult to install this module as it is no longer available on Drupal.org and requires two additional jQuery modules.
JIRA Comment by user: rcook JIRA Timestamp: 2012-09-18 11:48 AM
Comment body:
Moved the jquery stuff to its own issue Drupal-490.
JIRA Comment by user: mwesley JIRA Timestamp: 2012-09-23 10:31 PM
Comment body:
Adding updated release checklist and new installation profile update checklist.
Issue resolved: 2012-09-24 12:25 PM
JIRA issue created by: rcook Originally opened: 2012-09-12 03:14 PM
Issue body:
Peter please expand on what this issues means and your proposed solution.
This issue has attachments associated with it (external link): [Drupal Toolkit Installation Profile Update Checklist.doc](http://www.carli.illinois.edu/sites/files/XCfiles/Drupal Toolkit Installation Profile Update Checklist.doc) [Drupal Toolkit Release Checklist.doc](http://www.carli.illinois.edu/sites/files/XCfiles/Drupal Toolkit Release Checklist.doc)