Jubal Kessler dijo [Sat, Aug 15, 2009 at 11:57:55AM -0400]: > Gunnar, > > I applied your patch to my 6.12-1 installation.
Umm… I have not tested this patch against 6.12, but only against
Debian Stable's 6.6. Still, it should work the same, as it is too
simple.
> I got the following error when manually checking for new updates
> while on the Modules page:
>
> "There was a problem determining the status of available updates for
> your version of Drupal. See the available updates page for more
> information."
>
> "available updates" is underlined/hyperlinked.
>
> If I then follow that link, I'm on the "Available Updates" page,
> which tells me "No available releases found", and there is a yellow
> warning icon to the right of that text.
Ok, I had not seen it from the admin/build/modules page as well. Well,
honest to truth, Drupal has (now) no way of knowing this information,
so it is right. Of course, it could be similarly patched - Let me get
a quick stab at it:
--- update.module 2009-08-18 12:25:31.000000000 -0500
+++ /tmp/update.module.new 2009-08-18 12:25:46.000000000 -0500
@@ -65,7 +65,7 @@
case 'admin/build/modules':
include_once './includes/install.inc';
$status = update_requirements('runtime');
- foreach (array('core', 'contrib') as $report_type) {
+ foreach (array('contrib') as $report_type) {
$type = 'update_'. $report_type;
if (isset($status[$type]['severity'])) {
if ($status[$type]['severity'] == REQUIREMENT_ERROR) {
That will suppress the display of this warning block in the modules
list. As I said earlier on my report, I am not a PHP coder, and
therefore keep my modifications at a minimum, but in update.module
there are several instances of comparisons of $type to 'core';
possibly also the instances of values within
$requirements['update_core'] should also be commented out. I don't
think _update_message_text() should be modified, as it deals only with
the generated strings.
> There are a few problems that I see with this patch:
>
> 1. The "No available releases found" text is correct, but still confusing.
> The yellow warning icon is not a good thing to show the Drupal admin,
> because it is not clear _why_ no releases were found.
Agree — Again, I kept this as minimal as possible. This would easily
be addressed by changing the text on UPDATE_UNKNOWN and
UPDATE_NOT_CHECKED given $msg_type == 'core'.
> After your patch, there is no longer a Drupal-base update mechanism
> (there is still one for modules, but I speak only of the base, here).
> Debian (not Drupal) administrators would use Debian's own update mech
> to perform this task, and no longer expect the Drupal admin interface
> to warn about new or security updates.
>
> Is this correct?
Precisely, this is the exact case I want to address. I don't want
Debian users of Drupal to feel they are using a vulnerable version
when they are fully patched but with the older version number. And as
this is a Debian-only patch (well, we can rephrase:
Distribution-only. This patch could be picked up by any other
distribution including Drupal and it would work as fine), and not
intended for inclusion upstream.
> 2. The "Modules" page (in Drupal admin) should not treat #1 above as
> a problem, and should not present a warning.
>
> Perhaps the patch, which is Debian-specific, needs to be expanded to
> make it clear to the Drupal admin that Drupal-base version/etc is
> handled at the _Debian_ admin level, and updates will _not_ be shown
> in the GUI....
Agree. This would be informed in update.module, in the
_update_message_text() function, UPDATE_UNKNOWN and UPDATE_NOT_CHECKED
cases.
Greetings,
--
Gunnar Wolf - gw...@iiec.unam.mx - (+52-55)5623-0154 / 1451-2244
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973 F800 D80E F35A 8BB5 27AF
signature.asc
Description: Digital signature
