[TYPO3] a thought about security announcements and automatic security alert

[Xavier Perseguers]

Krystian Szymukowicz wrote:
> Georg Ringer wrote:
>> There is no reason for txt IMO (some bytes traffic are not a reason 
>> anymore)
> 
> 
> The final decision will be for those who hosts typo3.org. Some security 
> paranoid folks can set cron to check feed every 1 hour. Multiply that by 
> 200.000 TYPO3 installations (assuming almost all will install or it will 
> become core ;)). Then every kB can matter.
> I may be wrong of course. I had never to deal with such highly requested 
> pages :)
> 
> So if this is not a problem then of course it can be rss/xml.

I do not understand why we should use XML or even RSS. RSS make no sense 
as we wish to parse it to _automatically_ inform the webmaster that 
extensions should be upgraded. The idea is not to display the info on 
the webpage. We could of course do both but the point was to inform by 
mail or another form that extension XY needs our attention and should be 
upgraded.

I think we should also get a cron job to update the list of available 
extension. That is boring to do it manually to test whether we may 
upgrade our extensions.

And the security cron job could combine both to inform us that extension 
XY prior to version V is vulnerable but, we are lucky, it already has 
been updated and we just have to go to EM and click to update extension 
without even having to first update the list of available extensions.

And for those of you who think some extensions might be automatically 
installed, we could select which of our installed extensions should be 
actively monitored and automatically updated :-D We would then only get 
an information email.

-- 
Xavier Perseguers
http://xavier.perseguers.ch/en/tutorials/typo3.html