[TYPO3] a thought about security announcements and automatic security alert

Jeff Segars jsegars at alumni.rice.edu
Tue May 27 21:59:57 CEST 2008 

Francois Suter wrote:
> Hi,
> 
>> I've just thought that it is really some work to check all "yours" 
>> TYPO3 installations to find out which one has security bug announced 
>> in Security Bulletin.
> 
> Actually I had started thinking about something. Over time I have 
> accumulated quite a lot of TYPO3 sites and I have trouble knowing which 
> are running which version and using which extensions (at which version).
> 
> My idea was to develop an extension that can monitor other TYPO3 
> installs. It would actually be a series of extensions:
> 
> - a BE module for the "master" install from which you survey the others
> - a client module for each TYPO3 install to survey
> 
> Those 2 extensions would provide base services (i.e. retrieve info about 
> TYPO3 version, extensions installed, etc.), but other extensions could 
> add other views, for whatever each developer can think of. One service 
> would be to add security bulletin info and automatically get a list of 
> relevant TYPO3 installs.
> 
> This is quite a lot of work and I haven't progressed much yet, so I 
> quite feel like sharing the development of this if there are some people 
> interested in here. The project(s) would be hosted on forge.typo3.org 
> obviously, which is very convenient for sharing both ideas and work.
> 
> What do you think? Anyone interested?
> 
> Cheers
> 

I've had some similar ideas bouncing around in my head for a couple 
months, but haven't found the time to actually do anything with them :)

I've approached it from the perspective of the Extension Manager and 
having a master EM that cuts across all TYPO3 sites on a server. When 
selecting an extension, the administrator would see the other TYPO3 
sites that have that extension present and would push updates through to 
each TYPO3 site (or maybe only a few selected ones).

We've developed a couple command line scripts to update a specific 
extension on a TYPO3 site, so my next logical progression was triggering 
these scripts from a master EM.

If most of the management is extension related, then there may be some 
value in piggybacking on the extension EM functionality.

Any thoughts?

Thanks,
Jeff

More information about the TYPO3-english mailing list