April 18th, 2017
Read our Roadmap to understand how this work falls into priorities set by the Drupal Association with direction and collaboration from the Board and community.
The Drupal Association team is gearing up for DrupalCon Baltimore. We’re excited to see you there, and we’ll be presenting a panel giving an update on our work since Dublin and our plans for the coming months.
Project application revamp
As we announced in mid-March, new contributors on Drupal.org can now create full projects and releases! Contributors no longer have to wait in the project application queue for a manual review before they are able to contribute projects.
This is a very significant change in the Drupal contribution landscape, and it’s something we approached carefully and will continue to monitor over the coming months. Drupal has always had a reputation for high-quality code, and we want to make sure that reputation is preserved with good security signals, project quality signals, and continued incentives for peer code review.
That said, we’re very excited to see how this change opens up Drupal to a wider audience of contributors.
Please note that the removal of project applications to create full projects and releases means a change in the security advisory policy (see below for details).
Security Advisory Opt-in and new Security Signals for Projects
Are you responsible for the security of your clients’ Drupal sites?
Please note that Drupal’s security advisory coverage policy has changed. Security advisory coverage for contributed projects is now only available for projects that have both opted in to receive coverage and made a stable release. You can see which projects have opted in by checking their project pages. If you have questions, please contact email@example.com.
Because users may now create full projects and releases without opting in to security advisory coverage, it’s critically important that we provide good security signals to users evaluating projects on Drupal.org. This is why we’ve added a security coverage warning to projects that aren’t opted in to coverage.
We also made the following changes:
- Opened up the opt-in process, allowing any maintainer of a project (not just the node author) to opt in to receive security advisory coverage
- Added a confirmation step when a user goes to make a stable release – this encourages users to be sure the project is ready for a release, and to opt in to coverage if they haven’t already
- Blocked security advisory opt-in if a project has an open, public security issue
- Started displaying info about public security issues on project pages that haven’t opted into advisory coverage
- Added a filter to project browsing pages to make it easier to find projects with supported stable releases
2017 Community Elections Update
The 2017 elections for the community-at-large seat on the board were held successfully in March. Drupal Association community board elections are conducted with the Instant Runoff Voting system. This voting methodology requires that voters rank their preferred candidates on their ballot, and we’ve heard that this system has been somewhat unwieldy in the past.
Each year we try to improve the voter experience and so this year we deployed a new drag-and-drop ballot.
Finally, we want to congratulate our newest board member Ryan Szrama!
Better international datetime support throughout Drupal.org
Drupal.org has grown organically over the course of more than a decade, and as features have been built out they were not always consistent in their display of datetime information. While it sometimes makes sense to have a few different formats for displaying date and time, many of the formats in use were simply arbitrary historical decisions.
As a quality of life improvement, especially for users outside of the USA, we’ve standardized the datetime format used on Drupal.org. That format is: DD MMM YYYY – hh:mm (UTC±h). For example: 11 Aug 2016 – 16:42 (UTC+8)
CSSLint checkstyle results
When we implemented coding standards testing in DrupalCI in February, we were not able to add CSSLint testing until the CSSLint configuration file in core was fixed. That issue was fixed in late February, so we added CSSLint to support coding standards testing for CSS at the beginning of March.
Cleaning up coding standards results
The addition of coding standards results to DrupalCI means that Drupal.org is now storing even more test data about the code we test. Our initial implementation of coding standards testing did not include clean-up of older results, so to preserve database space and testing resources, we implemented some clean-up routines in March. In particular, we are now:
- Cleaning up all results for closed issues
- For custom one-off tests, keeping results for 30 days to match what is shown on the project’s automated testing tab
- For tests triggered on a schedule or commit, keeping the most recent per-environment per-branch, and keeping anything less than 24h old
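The three clean-up rules above can be expressed as a single retention function. This is an added illustration, not Drupal.org's or DrupalCI's own code: the record fields (`trigger`, `issue_closed`, `finished`, `environment`, `branch`) are hypothetical, the sample records are constructed, and it assumes the closed-issue rule takes precedence over the other two.

```python
from datetime import datetime, timedelta, timezone

def results_to_keep(results, now):
    """Return ids of test results retained under the three clean-up rules."""
    keep = set()
    newest = {}  # (environment, branch) -> most recent scheduled/commit result
    for r in results:
        if r["issue_closed"]:
            continue  # rule 1 (assumed to take precedence): closed issue, drop
        age = now - r["finished"]
        if r["trigger"] == "custom":
            if age <= timedelta(days=30):  # rule 2: one-off tests, 30 days
                keep.add(r["id"])
            continue
        if age < timedelta(hours=24):  # rule 3: anything under 24h old stays
            keep.add(r["id"])
        key = (r["environment"], r["branch"])
        if key not in newest or r["finished"] > newest[key]["finished"]:
            newest[key] = r
    # rule 3: the most recent result per environment and branch always stays
    keep.update(r["id"] for r in newest.values())
    return keep

NOW = datetime(2017, 4, 1, 12, 0, tzinfo=timezone.utc)  # constructed clock

def _result(rid, trigger, closed, age, env=None, branch=None):
    # Hypothetical record layout used only for this example.
    return {"id": rid, "trigger": trigger, "issue_closed": closed,
            "finished": NOW - age, "environment": env, "branch": branch}

# Constructed sample records, not real DrupalCI data.
SAMPLE = [
    _result(1, "custom", True, timedelta(days=2)),    # closed issue
    _result(2, "custom", False, timedelta(days=10)),  # within 30 days
    _result(3, "custom", False, timedelta(days=45)),  # older than 30 days
    _result(4, "commit", False, timedelta(days=3), "php7.1-mysql", "8.4.x"),
    _result(5, "commit", False, timedelta(days=10), "php7.1-mysql", "8.4.x"),
    _result(6, "scheduled", False, timedelta(hours=2), "php5.6-pgsql", "8.3.x"),
    _result(7, "scheduled", False, timedelta(hours=20), "php5.6-pgsql", "8.3.x"),
    _result(8, "scheduled", False, timedelta(days=5), "php5.6-pgsql", "8.3.x"),
]

if __name__ == "__main__":
    print(sorted(results_to_keep(SAMPLE, NOW)))
```

Result 4 survives even though it is three days old because it is the newest result for its environment and branch, while result 7 survives only because it is under 24 hours old.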
Protecting Git services
We experienced some minor Git outages in March, due to malicious authentication attempts. To mitigate these issues in the future, we’ve implemented fail2ban rules to protect Git authentication. This should improve the stability and uptime of Git services for all developers on Drupal.org.
We want to thank Drupal.org infrastructure volunteer mlhess for his assistance with this.
Contrib Documentation Migration
New tools for Documentation have been available on Drupal.org for more than half a year. While most of the core documentation has been migrated to the new system, we are still encouraging Contrib maintainers to migrate their docs.
To make it easier for contrib project maintainers to migrate their documentation to the new documentation tools, we’ve made two improvements:
- Maintainers may now attach Documentation guides directly to their project pages.
- The Documentation Guides that a user maintains are now listed on their user profile.
As always, we’d like to say thanks to all the volunteers who work with us, and to the Drupal Association Supporters, who made it possible for us to work on these projects. In particular we want to thank:
- CivicActions – *NEW* Supporting Partner
- HS2 Solutions – *NEW* Supporting Partner
- Cheeky Monkey Media – Renewing Supporting Partner
- Cybage Software – Renewing Supporting Partner
- Digital Circus – Renewing Supporting Partner
- Message Agency – Renewing Supporting Partner
- QED42 – Renewing Supporting Partner
- Srijan Technologies – Renewing Supporting Partner
- Evolving Web – Renewing Supporting Partner
- Brightcove – *NEW* Technology Supporter Partner
- SiteGround – Renewing Hosting Supporter Partner
- Smartling – *NEW* Technology Supporter Partner
- Sevaa Group – *NEW* Technology Supporter Partner
If you would like to support our work as an individual or an organization, consider becoming a member of the Drupal Association.