Planet Drupal

Syndicate content - aggregated feeds in category Planet Drupal
Updated: 2 min 28 sec ago

Makak Media: Taking BackDrop For A Test Drive

Mon, 02/16/2015 - 18:41
div class=field field-type-filefield field-field-blog-image div class=field-items div class=field-item odd img class=imagefield imagefield-field_blog_image width=470 height=470 title=Backdrop Drupal fork alt=Backdrop src= / /div /div /div pSo the first a href= target=_blankBackDrop/a release is out there in the wild ready for a quick test drive! We're excited to see where this fork of Drupal 7 leads as we believe it to be a good complementary system to Drupal with a long term future./p pFirst off we checked under the hood to get things configured and found the settings.php file in the root folder, which makes for easier access. Also all those txt files have been removed including the CHANGELOG.txt file, which we remove by default, as it supplies useful info to any hacker out there!/p pNaturally the a href= target=_blankinstallation process/a is very similar to Drupal but with a few less settings giving it a simpler feel./p pUpon installation you're presented with a responsive admin menu with a slightly different structure to the standard Drupal menu. Responsiveness out of the box is great and the new menu again has a simpler look./p pa href= target=_blankread more/a/p

DrupalDare: G-WAN as a static Drupal file server

Mon, 02/16/2015 - 18:26
So now that we have concluded that it's easy to setup distribution of files on a separate subdomain, what about using a completely other web server (or in this case an application server)? Will it blend?

Acquia: Development based on Drupal's Fundamental Particles - Brad Czerniak

Mon, 02/16/2015 - 14:34
div class=form-item form-type-item labelLanguage /label Undefined /div div class=field field-name-body field-type-text-with-summary field-label-hidden div class=field-items div property=content:encoded class=field-item evenp Presenter Brad Czerniak caught my eye with a blog post entitled a href= things I learned using Drupal at a hackathon/a, based on his experiences taking part in the #hackDPL (Detroit Public Library) competitive hackathon. In our podcast interview we talk about that – before moving on to Brad's session about the Drupal development best practices he and his team use at a href=https://www.commercialprogression.comCommercial Progression/a in Michigan./p /div /div /div figure class=field-item even rel= resource= class=field-item even div id=styles-2 class=styles styles-field-image styles-style-scale_width_280 styles-container-image styles-preset-scale_width_280 img typeof=foaf:Image src= alt= title= //div !-- render the title tag as caption -- /figure span property=dc:title content=Development based on Drupal#039;s Fundamental Particles - Brad Czerniak class=rdf-meta element-hidden/span

Annertech: Enlightening - The Dark Art of Solr Search with Drupal

Mon, 02/16/2015 - 13:41
span class=field field-node--title field-name-title field-type-string field-label-hiddenEnlightening - The Dark Art of Solr Search with Drupal/span div class=field field-node--body field-name-body field-type-text-with-summary field-label-hidden div class=field-items div class=field-itemh2Why this blog post?/h2 pOften when I add a search function to a Drupal website using Apache Solr, I'm amazed at how complex some people think this is. Many developers/site builders are of the belief that this is some kind of very-hard-to-master black art. They could not be more wrong./p pSo what I want to contribute back to the Drupal community is an understanding of how Solr works, why/how it differs from Drupal Core Search module, and the benefits Solr has over core search./p/div /div /div The Drupal 8 plugin system - part 2

Mon, 02/16/2015 - 12:38
pWe saw in a href='' part 1/a how plugins help us in writing reusable functionality in Drupal 8. There are a lot of concepts which plugins share in common with services, like:/p ol lilimited scope. Do one thing and do it right. /li liPHP classes which are swappable./li /ol pWhich begs the question, how exactly are plugins different from services? br / If your interface expects implementations to yield the same behaviour, then go for services. Otherwise, you should write it as a plugin. This needs some explaining. br / For instance, if you are creating an interface to store data in a persistent system, like MySQL or MongoDB, then it would be implemented as a service. The codesave()/code function in your interface interface will be implemented differently for both the services, but the behaviour will be the same, i.e., it takes data as input parameters, stores them in the respective data store and returns a success message./p pOn the other hand, if you are creating an image effect, it needs to be a plugin. (It already is. Check a href='' !modules!image!src!ImageEffectInterface.php/interface/ImageEffectInterface/8image effects as plugins/a). The core concept of image plugins is to take in an image, apply an effect on it and return the modified image. Different image effects yield different behaviours. An image scaling effect might not produce the same behaviour as that of an image rotating effect. Hence, each of these effects need to be implemented as a plugin. If any module wants to create a new image effect, it needs to write a new plugin by extending the codeImageEffectBase/code class./p h4 id=pluginsusedincorePlugins used in core/h4 pLet's take a look at the major plugin types provided by Drupal 8 core. An example plugin of each plugin types will be the subjects of future blog posts./p ol lipstrongBlocks/strong br / Drupal 8 finally got blocks right. Custom blocks can be created from the codeBlockBase/code class./p/li lipstrongField Types, Field Widgets and Field Formatters/strong br / Check a href='' part 1/a for how this is done in Drupal 8./p/li lipstrongActions/strong br / Drupal 8 allows module developers to perform custom actions by implementing the codeActionBase/code class. Blocking a user, unpublishing a comment, making a node sticky etc. are examples of actions./p/li lipstrongImage Effects/strong br / Image effects are plugins which manipulate an image. You can create new image effects by extending codeImageEffectBase/code. Examples of core image effects are codeCropImageEffect/code and codeScaleImageEffect/code./p/li lipstrongInput filters/strong br / User submitted input is passed through a series of filters before it is persisted in the database or output in HTML. These filters are implemented as plugins by implementing the codeFilterBase/code class./p/li lipstrongEntity Types/strong br / In Drupal parlance, entities are objects that persist content or configuration in the database. Each entity is an instance of an entity type. New entity types can be defined using the annotation discovery mechanism./p/li lipstrongViews related plugins/strong br / A large collection of different plugin types are employed by views during the querying, building and rendering stages. /p/li /ol h4 id=plugindiscoveryPlugin Discovery/h4 pPlugin discovery is the process by which Drupal finds plugins written in your module. Drupal 8 has the following plugin discovery mechanisms:/p ol lipstrongAnnotation based/strong. Plugin classes are a href='' annotated/a and have a directory structure which follows the PSR-4 notation. /p/li lipstrongHooks/strong. Plugin modules need to implement a hook to tell the manager about their plugins./p/li lipstrongYAML files/strong. Plugins are listed in YAML files. Drupal Core uses this method for discovering local tasks and local actions./p/li lipstrongStatic/strong. Plugin classes are registered within the plugin manager class itself. This is useful if other modules should not create new plugins of this type./p/li /ol pAnnotation based discovery is the most popular plugin discovery method in use. We will briefly look at how we create a new plugin type using this method in the next part./p

DrupalDare: CDN, Cookieless Requests and Subdomains

Mon, 02/16/2015 - 11:52
In this text I will go in to the topic of using a separate domain for serving your static files to avoid the client sending unnecessary cookies in the headers and why it may be or may not be a solution to speed up your website.

Drupal core announcements: Drupal core security release window on Wednesday, February 18

Mon, 02/16/2015 - 05:37
div class=field field-type-datestamp field-field-start7 div class=field-items div class=field-item odd div class=field-label-inline-first Start:nbsp;/div span class=date-display-single2015-02-18 (All day) America/New_York/span /div /div /div div class=field field-type-text field-field-event-type div class=field-items div class=field-item odd Online meeting (eg. IRC meeting) /div /div /div div class=field field-type-userreference field-field-organizers div class=field-labelOrganizers:nbsp;/div div class=field-items div class=field-item odd a href=/user/14705 title=View user profile.David_Rothstein/a /div /div /div pThe monthly security release window for Drupal 6 and Drupal 7 core will take place on Wednesday, February 18./p pThis does not mean that a Drupal core security release will necessarily take place on that date for either the Drupal 6 or Drupal 7 branches, only that you should prepare to look out for one (and be ready to update your Drupal sites in the event that the Drupal security team decides to make a release)./p pThere will be no bug fix release on this date; the next window for a Drupal core bug fix release is Wednesday, March 4./p pFor more information on Drupal core release windows, see the documentation on a href= timing/a and a href= releases/a, and the a href= that led to this policy being implemented./p

Drupalpress, Drupal in the Health Sciences Library at UVA: two new drupal distros – one for voting, one for 3d printing e-commerce

Sun, 02/15/2015 - 22:29
pTwo new drupal distributions available on githubimg class=alignnone size-full wp-image-848 src= alt=frong width=85 height=94 //p p** a href= is the distribution behind a href= /a- it#8217;s an attempt to run a political campaign through a virtual proxy#8230;/p p** #8211; this is the code behind a href= it#8217;s an e-commerce solution for 3d printing#8230; A lot of this is implemented in rules and other well-standardized code thanks to a href= Pontani/a - a talented developer here in Virginia.  Joe integrated several third party tools, and set up the UVa payment gateway through Nelnet./p pBoth sites are getting updates over the next few months #8211; the Charlottesville Council website also has a a href= implementation on it #8211; absolutely awesome toolset#8230;/p pa href= API compliance/a is another feature I#8217;m pretty stoked about#8230; I got most of that done with the a href= server/a, a href= datasource/a, a href= and a couple of great notification features done with a href= + views /a i#8217;ll get that feature out asap = it#8217;s really convenient #8211; matching a a href= taxonomy field onto content taxonomy fields for notifications with new content./p pany questions #8211; please drop a line in the comments below/p

DrupalOnWindows: Bypassing Form Validations and Required Fields in Drupal: the BFV module.

Sun, 02/15/2015 - 08:00
div class=form-item form-type-item labelLanguage /label English /div div class=field field-name-body field-type-text-with-summary field-label-hiddendiv class=field-itemsdiv class=field-item even property=content:encodedpRequired or not required? To validate or not to validate? That is the question. So you've setup (the site builder's way, no custom forms) your required fields and custom validations for Node types, just to get this feedback from the customer:/p blockquote pemstrongThat field we defined as mm..... as required (something trivial and not really critical such as an image file) is actually not always required. Users X and Y should be able to bypass that restriction./strong/em/p/blockquote/div/div/divdiv class=view view-read-more view-id-read_more view-display-id-entity_view_1 view-dom-id-58adb01753a9a66a7c98325e97564d18 div class=view-header hr/ h2More articles.../h2 /div div class=view-content div class=item-list ul li class=views-row views-row-1 views-row-odd views-row-first div class=views-field views-field-title span class=field-contenta href=/en/blog/drupal-iis-or-apacheDrupal on IIS or Apache/a/span /div/li li class=views-row views-row-2 views-row-even div class=views-field views-field-title span class=field-contenta href=/en/blog/bypassing-form-validations-and-required-fields-drupal-bfv-moduleBypassing Form Validations and Required Fields in Drupal: the BFV module./a/span /div/li li class=views-row views-row-3 views-row-odd div class=views-field views-field-title span class=field-contenta href=/en/blog/node-comment-and-forum-working-together-boost-user-participationNode Comment and Forum working together to boost user participation/a/span /div/li li class=views-row views-row-4 views-row-even div class=views-field views-field-title span class=field-contenta href=/en/blog/installing-drupal-windows-and-sql-serverInstalling Drupal on Windows and SQL Server/a/span /div/li li class=views-row views-row-5 views-row-odd div class=views-field views-field-title span class=field-contenta href=/en/blog/setting-code-syntax-higlighting-drupalSetting up Code Syntax Higlighting with Drupal/a/span /div/li li class=views-row views-row-6 views-row-even div class=views-field views-field-title span class=field-contenta href=/en/blog/getting-2000-requests-second-without-varnishGetting #2,000 requests per second without varnish/a/span /div/li li class=views-row views-row-7 views-row-odd views-row-last div class=views-field views-field-title span class=field-contenta href=/en/blog/distinct-options-views-exposed-filter-views-selective-filters-moduleDistinct options in a views exposed filter: The Views Selective Filters Module/a/span /div/li /ul/div /div /div

Drupal @ Penn State: A window into our Community

Sat, 02/14/2015 - 18:22
div class=field field-name-body field-type-text-with-summary field-label-hiddendiv class=field-itemsdiv class=field-item even property=content:encodedh3Intro/h3 pSomething that inspired me recently to write about DUG, are the efforts of MediaCurrent. Media Current has recently been pushing forward a series of postings talking about how they are giving back and being a lot more open about use of time to give back (which is awesome)./p/div/div/div

Angie Byron: Webchick's plain Drupal English Guide to the Remaining Drupal 8 Critical Issues: DrupalCon Bogotá Edition

Sat, 02/14/2015 - 11:09
div class=field field-name-body field-type-text-with-summary field-label-hiddendiv class=field-itemsdiv class=field-item even property=content:encodedpem(Apologies for the atrocious state of the HTML that follows; this content is originally from this a href= Doc/a.)/em/p phtmlheadtitleWebchick#39;s quot;plain Drupal Englishquot; Guide to the Remaining Drupal 8 Critical Issues: DrupalCon Bogotaacute; Edition/titlemeta content=text/html; charset=UTF-8 http-equiv=content-type/headbody class=c19br / p class=c6span class=c3/span/p p class=c6 c17span class=c2/span/p p class=c11span class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNGJrgwnj274TDCl2SC8jCcTR-MdIgDrupalCon Bogotaacute;/a/spanspannbsp;just finished up, and /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNF8nVOE_XYO8vT4zxqVhLbjBEDpXQcritical issue/a/spanspan-wise/spanspannbsp;we#39;ve managed to stay in the 50s for a few days (down from a high of 150 last summer!), so now seems like as good a time as any to write down what#39;s left to /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNGBWBAEHObfCfWKwarFwozMIh50rQship Drupal 8/a/spanspan!/span/p p class=c6span/span/p p class=c11spanThis post will attempt to document all of the remaining 55 criticals (as of this writing), and attempt to offer a somewhat quot;plain Englishquot; (or at least quot;Drupal Englishquot; ;)) description of each, loosely categorized into larger areas in which we could really use extra help. There are over /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNHGpEysQ8In8V6ElYae14OKAKpjlg2,600 contributors to Drupal 8/a/spanspannbsp;at this time, please /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNE8wZbctf2QLIuB8mY3GwARruilbQjoin us/a/spanspan!/span/p p class=c6span/span/p p class=c11span class=c16(Note: These descriptions might not be 100% accurate; this is my best approximation based on the issue summary and last few comments of each issue. If I got the description of your pet issue wrong, please update your issue summary. ;))/span/p !--break--p class=c6span class=c16/span/p h1 class=c7a name=h.inl72dbedobg/aspanTable of contents/span/h1 p class=c11 c17span class=c2a class=c0 href=#h.ypqccthuaoguQuick vocabulary lesson/a/span/p p class=c11 c17span class=c2a class=c0 href=#h.t6s6dg6hbxhnCurrent state of critical issues/a/span/p p class=c1span class=c2a class=c0 href=#h.p75y1r4tm9nvSecurity/a/span/p p class=c4span class=c2a class=c0 href=#h.c3q69feo7cmiSecurity Parity with Drupal 7/a/span/p p class=c4span class=c2a class=c0 href=#h.6deq2nteoql6Session and User Authentication API/a/span/p p class=c4span class=c2a class=c0 href=#h.6kuo2v4augbaREST/a/span/p p class=c4span class=c2a class=c0 href=#h.em182923ghiiNew security improvements/a/span/p p class=c1span class=c2a class=c0 href=#h.biagh7n8rgptPerformance/a/span/p p class=c4span class=c2a class=c0 href=#h.i2oyr5rqaj4xProfiling/a/span/p p class=c4span class=c2a class=c0 href=#h.z6xejabnynwFix regressions relative to Drupal 7/a/span/p p class=c1span class=c2a class=c0 href=#h.sumg6cigkyfoEntity Field API/a/span/p p class=c1span class=c2a class=c0 href=#h.pvyrwdfyvdc0Views/a/span/p p class=c1span class=c2a class=c0 href=#h.yssr9b6rl72aConfiguration system/a/span/p p class=c1span class=c2a class=c0 href=#h.744pljan9umiquot;Fix it, or elsequot;/a/span/p p class=c1span class=c2a class=c0 href=#h.h46w1jnuchnrGeneral house-keeping/a/span/p p class=c1span class=c2a class=c0 href=#h.rmvhprdt1fbkOther/a/span/p p class=c11 c17span class=c2a class=c0 href=#h.bf4k5phhkgn7Thrilling conclusion! (also known as quot;TL;DRquot;)/a/span/p p class=c6span/span/p h1 class=c7a name=h.ypqccthuaogu/aspanQuick vocabulary lesson/span/h1 p class=c11spanWithin this list, there are numerous quot;markersquot; used to signify that some of the issues in this list are more important to fix ASAP. These are:/span/p p class=c6span/span/p ul class=c8 lst-kix_9vpbdt1zxr8p-0 start li class=c1 c5span class=c15 c3D8 upgrade path/spanspan: An issue tagged /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNEXNqQsm8FbF5G9RG2BykCXaeQvDwD8 upgrade path/a/spanspannbsp;(currently, 13) means it blocks a beta-to-beta upgrade path for Drupal 8, generally because they materially impact the data schema or they impact security. Once we resolve all of these blockers, early adopters will no longer need to reinstall Drupal between beta releases, but can just run the update.php script as normal. This is currently our biggest priority./span/li li class=c1 c5span class=c3 c12Blocker/spanspan: An issue tagged /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNFnReuY9Oi3etLjtLzttlaaRGhnHwblocker/a/spanspannbsp;(currently, 5) means it blocks other issues from being worked on. This is currently our second-biggest priority (or 0th priority in the case an issue blocks a D8 upgrade path issue :D). I#39;ve noted these as quot;sub-bulletsquot; of the issues that are blocking them./span/li li class=c1 c5span class=c3 c20Postponed/spanspan: Issues that are marked /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNEjNZ9RiYEbx9e3p6ABvoXyTCygpQpostponed/a/spanspannbsp;(currently, 9)/spanspannbsp;are either currently blocked by one of the quot;Blockerquot; issues, or we#39;ve deliberately chosen to leave off until later./span/li li class=c1 c5span class=c10 c3gt;30 days/spanspan: These patches have a patch more than 30 days old, and/or were last meaningfully commented on gt;30 days ago. If you#39;re looking for a place to start, re-rolling these is always helpful!/span/li li class=c1 c5span class=c3No patch/spanspan: This issue doesn#39;t have a patch yet. Oh the humanity! Want to give it a shot?/span/li /ul p class=c6span/span/p p class=c11spanOther weird core issue nomenclature:/span/p ul class=c8 lst-kix_d07eoiemqszj-0 start li class=c1 c5spanquot;metaquot; means a discussion/planning issue, with the actual patch action happening in related/child issues./span/li li class=c1 c5spanquot;PP-3quot; means quot;this issue is postponed on 3 other issuesquot; (PP-1 means 1 other issue; you get the drift)./span/li /ul h1 class=c7a name=h.t6s6dg6hbxhn/aspanCurrent state of critical issues/span/h1 p class=c11spanSections roughly organized from quot;scariestquot; to quot;least scaryquot; in terms of how likely they are to make Drupal 8 take a longer time to come out./span/p h2 class=c7 c21a name=h.p75y1r4tm9nv/aspanSecurity/span/h2 p class=c11spanBecause Drupal 8 hasn#39;t shipped yet, it#39;s not following Drupal#39;s standard /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNE6hXR2nTFHqCu3OvDgPLfu_y0OswSecurity Advisory/a/spanspannbsp;policy, so there are still outstanding, public /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNEE-dzgLOIyDKSjRNfsHuZCz5V5jQsecurity/a/spanspannbsp;issues (13 as of this writing). We need to resolve most of these prior to providing a Drupal 8 beta-to-beta upgrade path, as this is the time when we signal to early adopters that it#39;s an OK time to start /spanspan class=c16cautiously/spanspannbsp;building real sites on Drupal 8./span/p p class=c6span/span/p p class=c11span class=c3Skills needed:/spanspannbsp;Various/span/p h3 class=c7 c18a name=h.c3q69feo7cmi/aspanSecurity Parity with Drupal 7/span/h3 p class=c11spanThis class of security issue is to ensure that when Drupal 8 ships, it won#39;t have any regressions security-wise relative to Drupal 7./span/p p class=c6span/span/p ul class=c8 lst-kix_yganm4mrgvck-0 start li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNGK1L8XgveCFCz6l1g6qPhNcOcUhwCheck every Drupal 7 contrib SA that may affect Drupal 8 core modules/a/spanspannbsp;(/spanspan class=c15 c3D8 upgrade path/spanspan)/spanspannbsp;/spanspanIn order to ship Drupal 8, we need to ensure that there are no outstanding security advisories for contributed modules that were pushed into Drupal 8 core. /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNHx40Z5ftf-hlxruq3c_PeaRk6mPAnickwaring89/a/spanspannbsp;has started a /spanspan class=c2a class=c0 href= spreadsheet/a/spanspannbsp;for tracking this./span/li /ul ul class=c8 lst-kix_yganm4mrgvck-1 start li class=c9 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNHbxhTjkzh6PXzA6AKaWOZoZvpxHwPort SA-CONTRIB-2013-096 to D8/a/spanspannbsp;(/spanspan class=c15 c3D8 upgrade path/spanspan)/spanspannbsp;/spanspanHere#39;s one such issue for Entity Reference module. /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNE_Q1z7h0E-5PgopAMTZ0GEjAZ_OQSA-CONTRIB-2013-096/a/spanspannbsp;addressed a relatively esoteric remote access bypass bug, and the patch needs to be forward-ported to Drupal 8./span/li li class=c9 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNEBR15tqk_V6vSj-1k_ZSjhOtnfJgPort SA-CONTRIB-2015-039 to D8/a/spanspannbsp;(/spanspan class=c15 c3D8 upgrade path/spanspan) nbsp;/spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNG77PvXsIeFn7NNNnsmB1TfaCcq4wSA-CONTRIB-2015-039/a/spanspannbsp;addressed two issues in Views module, a redirect and default permissions for disabled views. The first was fixed in D8, but access checks are still missing from a few views for the second./span/li /ul ul class=c8 lst-kix_yganm4mrgvck-0 li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNEikiGzTxTjIYmAJVNiYwxdgkE1iASA-CORE-2014-002 forward port only checks internal cache/a/spanspannbsp;(/spanspan class=c15 c3D8 upgrade path/spanspan) Oopsie. Missed a spot. :P /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNFeY1YGG7yO-Cp9bJ2eNUfTub1dvASA-CORE-2014-002/a/spanspannbsp;was a moderately critical Form API issue, where anonymous users#39; form entries on cached forms could potentially leak to other anonymous users. It was partially fixed, but not for reverse-proxies./span/li li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNG7-dmCg0gmcbaJig_AG4X0LPt4NgEntity/field access and node grants not taken into account with core cache contexts/a/spanspan class=c3nbsp;/spanspanWe need to figure out and document what the API looks like for field/entity access modules that interact with the new render cache in Drupal 8./span/li /ul p class=c6span/span/p h3 class=c7a name=h.6deq2nteoql6/aspanSession and User Authentication API/span/h3 p class=c11spanBecause of various intricate dependencies, the /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNHUVxi3Nzd7xh8WMJ5yV2ZyWr4e7gauthentication/a/spanspannbsp;part of Drupal 8 isn#39;t yet converted to object-oriented code, and prevents us from further optimizing bootstrap. This set of issues fixes various problems with this part of the code, and ensures these important security APIs are complete and ready to ship./span/p p class=c6span/span/p ul class=c8 lst-kix_yganm4mrgvck-0 li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNEPNBsa6yiO9TJTXxrrFHPZuf5R0Q[meta] Finalize Session and User Authentication API/a/spanspannbsp;(/spanspan class=c12 c3Blocker/spanspan)/spanspannbsp;The main tracking issue for work in this area. /span/li /ul ul class=c8 lst-kix_yganm4mrgvck-1 start li class=c9 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNE3qHai1PTtt4NZof7Ov5HTm3cwlgRemove dependency of current_user on request and authentication manager/a/spanspannbsp;Aims to solve a circular dependency when implementing alternative authentication schemes, and move authentication to only happening once per request, closing a potential security hole./span/li li class=c9 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNHotmL3gf7a_UsK2mlM7DXxxHePLASession for an authenticated user can only be set by Cookie AuthenticationProvider/a/spanspannbsp;(/spanspan class=c10 c3gt;30 days/spanspan, /spanspan class=c3No patch/spanspan) Currently, alternative authentication providers, such as /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNE1YdRxSeAnkCI6OWfgrKUjQ2HtGQHTTP basic authentication/a/spanspan, do not play nicely with the default login form, because Cookie trumps all./span/li li class=c9 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNFq3Rn3xjTMFFxUtBkIpi4gMAXP8Q[meta] Security audit the Authentication component/a/spanspannbsp;(/spanspan class=c20 c3Postponed/spanspan) Since the Authentication component is new to Drupal 8, this issue proposes performing a security audit on it once it#39;s complete, and prior to a release candidate./span/li /ul h3 class=c7a name=h.6kuo2v4augba/aspanREST/span/h3 ul class=c8 lst-kix_yganm4mrgvck-0 li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNE5DhudRAsbbsLBpOwYBUDMWh2mygREST user updates bypass tightened user account change validation/a/spanspannbsp;(/spanspan class=c15 c3D8 upgrade path/spanspan) Since Drupal 7, when you edit your user account, you have to provide the existing password when you want to change the password or e-mail. This security feature is currently by-passed by REST user updates as you can change the password or e-mail without providing the password./span/li li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNHiSSvwiGTekNKdi9DIloIaXDKdGAExternal caches mix up response formats on URLs where content negotiation is in use/a/spanspannbsp;(/spanspan class=c10 c3gt;30 days/spanspan) Drupal 8#39;s request processing system is currently based on /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNHcBrGVQONVoIMLN5YSMYElSdT8BAcontent negotiation/a/spanspannbsp;(which allows you to serve multiple versions of a document at the same URI based on what headers are sent e.g. /spanspan class=c14Accept: text/html/spanspannbsp;or /spanspan class=c14Accept: application/json/spanspan). This is generally considered the quot;right wayquot; to do REST. However, various external caches and CDNs have trouble with this mechanism, and can mix them up and can send random formats back. The issue proposes changing from content negotiation to separate, distinct paths such as /spanspan class=c14/node/1.json/spanspan./span/li /ul p class=c6span/span/p h3 class=c7a name=h.em182923ghii/aspanNew security improvements/span/h3 p class=c11spanThese issues affect new security improvements we want to make over and above what Drupal 7 does./span/p p class=c6span/span/p ul class=c8 lst-kix_yganm4mrgvck-0 li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNE6yDK--MVpSZgZP0ksjjcY_pFPyw[meta] Document or remove every SafeMarkup::set() call/a/spanspannbsp;One of the big security improvements in Drupal 8 is the introduction of /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNHzHdi5mifH6_l5xc_Ydw1MBTrjqwTwig#39;s autoescape feature/a/spanspan, which ensures that all output to the browser is escaped by default. However, this is quite a big change that requires all of the code that was previously escaping content to stop doing that, else it gets double-escaped (so you start seeing amp;lt; and amp;quot; and whatnot in the UI). We originally introduced the ability to manually mark markup safe with SafeMarkup::set(), but the recommended approach is actually to use Twig everywhere, so this issue is to ensure that all remaining instances of the manual way are fixed, or at least documented to explain why they#39;re using the non-recommended method./span/li li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNHPAbdYg2eVFILdxr4wSf9Wv4Y2XAPassing in #markup to drupal_render is problematic/a/spanspannbsp;(/spanspan class=c3 c10gt;30 days/spanspan) Another issue in the Twig autoescape space, we need to ensure that markup set by the quot;#markupquot; in e.g. form definitions is properly escaped./span/li li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNG_pyMR6BJLQviWq_GJ2zG4nRUAlQLimit PDO MySQL to executing single statements if PHP supports it/a/spanspannbsp;Remember /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNEQRTkLmxQjO-2mhrfqYZjegbotJQSA-CORE-2014-005/a/spanspan? Yeah, so do we. ;) This issue is to make sure that if another SQL injection vulnerability is ever found again, the damage it can do is more limited by eliminating the ability for MySQL to execute multiple queries per PDO statement./span/li /ul p class=c6span/span/p h2 class=c7a name=h.biagh7n8rgpt/aspanPerformance/span/h2 p class=c11spanTied with security, 13 of the remaining issues are tagged /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNG98Y_gFvVEV5XHo5qZ8GarKoAm_wPerformance/a/spanspan. While it may seem odd/scary to have this be a big chunk of the work left, it#39;s a common practice to avoid /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNEmMdOMhBEUKJH-GUvIFKxDC8Yngwpremature optimization/a/spanspan, and instead focus on optimization once all of the foundations are in place./span/p p class=c6span/span/p p class=c11span class=c3Skills needed:/spanspannbsp;Profiling, caching, optimization, render API/span/p h3 class=c7 c18a name=h.i2oyr5rqaj4x/aspanProfiling/span/h3 p class=c11spanHere are a sub-set of issues where we need /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNHX9Ju8VdZb8SednN4ujo8eHdEANQperformance profiling/a/spanspannbsp;to determine what gives us the biggest bang for our effort./span/p p class=c6span/span/p ul class=c8 lst-kix_rfxe804vasvo-0 start li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNE6oVI4QL1UrYjSq5Q8K40EBFdZAw[Meta] Make drupal install and run within reasonable php memory limits so we can reset the memory requirements to lower levels/a/spanspannbsp;Due to a variety of issues, including the YAML parsing slowness mentioned above, Drupal 8 currently requires 64M of memory to install, which will only go up as contrib modules are added. The goal is to reduce that significantly, more towards Drupal 7#39;s numbers. The issue contains a number of profiling results and sub-issues that help./span/li li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNEAR3vsrB_mQMMCTimAuF7SYnAo3QProfile to determine which services should be lazy/a/spanspannbsp;Drupal 8 exposes a number of /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNH8McLuguuXUNZGAfuw9HdNfSj4jQServices/a/spanspannbsp;(which contain re-usable functionality and allow for pluggability/replacement). Normally, all services that are dependencies of other services are loaded on page load. However, we recently introduced the /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNEULKE_uS7GX-6HWjuW1-FGs5P8NAability to mark individual services as quot;lazyquot;/a/spanspanmdash;meaning, to only load them on-demand. This issue is to determine which services are currently loading on every request, yet unneeded for most, so we can mark them as such./span/li li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNGvBaynn0ugVU6K_QVHT2n1T_Ke0gProfile/rationalise cache tags/a/spanspannbsp;Drupal 8#39;s caching API introduces the notion of /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNFZMLi5pOcaHkbac-4UTkZiJrsZ3Qcache tags/a/spanspan, allowing for much more focused and targeted cache clears for much better performance. This issue involves investigating our usage of cache tags in D8 and seeing how they could be optimized/improved./span/li /ul h3 class=c7a name=h.z6xejabnynw/aspanFix regressions relative to Drupal 7/span/h3 ul class=c8 lst-kix_5xn4xca12dzt-0 start li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNGumXl7Vciwe3NdIB9dXRKVsaU2jA[meta] Resolve known performance regressions in Drupal 8/a/spanspannbsp;This is the main tracking issue in this space. During the 8.x cycle we#39;ve introduced several known performance regressions compared to Drupal 7 (sometimes to make progress on features/functionality, other times because we introduced changes that we hoped would buy us better scalability down the line), which we need to resolve before release so that Drupal 8 isn#39;t slower than Drupal 7. The performance team meets weekly and tracks their progress in a /spanspan class=c2a class=c0 href=;usp=drive_web#gid=0detailed spreadsheet/a/spanspan. /span/li /ul ul class=c8 lst-kix_5xn4xca12dzt-1 start li class=c9 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNFteJLZwA3olK2UJ_HrZySQ3dJkGQYAML parsing is very slow, cache it with APCu in Drupal\Core\Config\FileStorage::read/a/spanspannbsp;(/spanspan class=c12 c3Blocker/spanspan) Installation in Drupal 8 is not as quick as it otherwise would be due to the slowness of parsing YAML files, sometimes more than once. This issue proposes to add a caching layer to speed things up, and also help eliminate noise found in profiling./span/li li class=c9 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNGSS8ymNv0hzyoGkkCorrHKOeCrvQConvert menu CSRF tokens to use #post_render_cache/a/spanspannbsp;(/spanspan class=c12 c3Blocker/spanspan, /spanspan class=c10 c3gt;30 days/spanspan) nbsp;Drupal employs robust /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNGNxgWLDXkph21PuNF3gXAzYceNYgCross-Site Request Forgery/a/spanspannbsp;protection which involves appending a user-specific token on forms and links. However, this is both a bit overkill (in most systems there is just a single CSRF token per request) and also prevents caching of CSRF-protected forms/links./span/li /ul ul class=c8 lst-kix_5xn4xca12dzt-2 start li class=c11 c5 c13span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNHcoAuK7nmE8y_UEa_gkEcp9-F5Kg[PP-1] Cache localized, access filtered, URL resolved, (and rendered?) menu trees/a/spanspannbsp;(/spanspan class=c20 c3Postponed/spanspan, /spanspan class=c10 c3gt;30 days/spanspan) nbsp;An /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNELAJoATN0Vbf36CyXoDmysllW81Qimpressive performance improvement/a/spanspannbsp;for the new D8 toolbar, as well as menu blocks./span/li li class=c11 c5 c13span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNHX7OevQ7GNN5MS13aHU3y_N4EsvAAdd cache wrapper to the UrlGenerator/a/spanspannbsp;In Drupal 8, the url() function has been replaced by the /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNGbzAYyB329l3-xqRgIPMBy00PkUgUrlGenerator/a/spanspannbsp;class instead. This issue is proposing to add caching to make it able to not re-do work once it#39;s already generated a given URL on the page./span/li /ul ul class=c8 lst-kix_5xn4xca12dzt-0 li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNHJEkurZMY_J_lseygRmlU6bJA4rwOptimize the route rebuilding process to rebuild on write/a/spanspannbsp;Rebuilding the list of routes is expensive, and can result in race conditions (this also /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNF_ZTbyYnjr1lCGReNjTPrEuUJIIwaffects Drupal 7/a/spanspan). This issue proposes to move menu rebuilding to write-only requests, which are expected to be expensive anyway./span/li li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNGcgPe5UQGwbp0nUt5w4tu4WYMT6ACache-enabled forms generate cached form data for every user on every request/a/spanspannbsp;(/spanspan class=c3No patch/spanspan) There#39;s currently a bug exposed by Viewsmdash;/spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNGYKD-eZUSuloKkdIKw-I4bFH6-8AViews exposed filter form causes enormous form state cache entries/a/spanspanmdash;but also visible in other forms that employ caching, which results in the form cache ballooning out of control. Needs to be fixed./span/li li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNHmOWAPpp3HItML1p8-7Egm5Y8ogQBlockContentBlock ignores cache contexts required by the block_content entity/a/spanspannbsp;This is a bug fix (critical because there could be access control implications if a custom block has access-controlled fields on it) that ensures that a block and its associated block content both share the same list of cache contexts (e.g. language, roles, etc.)./span/li /ul h2 class=c7a name=h.sumg6cigkyfo/aspanEntity Field API/span/h2 p class=c11spanTracked under the /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNH5xucBYr72OGkC1CJGy5b6Z9qr7AEntity Field API/a/spanspannbsp;tag (currently 6 issues)./span/p p class=c6span/span/p p class=c11span class=c3Skills needed:/spanspannbsp;Entity/Field API, Form API, Schema API/span/p p class=c6span/span/p ul class=c8 lst-kix_gkrhy9ftmdx5-0 start li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNEm8zigRoETiM0xpgzyoHiJ7PEWNwSchema for newly defined entity types is never created/a/spanspannbsp;(/spanspan class=c3 c15D8 upgrade path/spanspan) When you first install a module that defines an entity type (for example, Comment), its database tables are correctly generated. However, if an entity definition is later added by a developer to an already-installed module, the related database schema won#39;t get created, nor will it be detected in update.php as an out-of-date update to run./span/li li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNF6wft03zVHvuEyt9diRWr3opMtsAFileFormatterBase should extend EntityReferenceFormatterBase/a/spanspannbsp;(/spanspan class=c15 c3D8 upgrade path/spanspan) Entity Reference fields define a EntityReferenceFormatterBase class, which contains logic about which entities to display in the lookup, including non-existing entities and autocreated entities. File field#39;s FileFormatterBase class currently duplicates that logic, except it misses some parts, including access checking, which makes this a security issue. The issue proposes to simply make File field#39;s base class a sub-class of Entity Reference#39;s, removing the need of quot;sort of but not quite the samequot; code around key infrastructure./span/li li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNFvSPNVJUSYpsaaC3je8mUVmSrEVgFieldTypePluginManager cannot instantiate FieldType plugins, good thing TypedDataManager can instantiate just about anything/a/spanspannbsp;Currently, you get a fatal error if you attempt to use Drupal 8#39;s /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNGHDJTI-JgUDgHDVY3h2LK4-As6MgPlugin API/a/spanspannbsp;to create a new instance of a field type. The current code in core is avoiding this problem by going roundabout via the /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNE7bW8j1L2jjLD1_nS4nCvjsW14owTyped Data API/a/spanspannbsp;instead. This issue#39;s critical because these are two of the most central APIs in Drupal 8, and they should work as expected./span/li li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNEEchonPMehGXhlW8w9B6bEaTtMBg[META] Untie content entity validation from form validation/a/spanspannbsp;Despite all the work to modernize Drupal 8 into a first-class REST server, there still remain places where validation is within form validation functions, rather as part of the proper entity validation API, which means REST requests (or other types of workflows that bypass form submissions) are missing validation routines. This meta issue tracks progress of moving the logic to its proper place./span/li /ul ul class=c8 lst-kix_gkrhy9ftmdx5-1 start li class=c5 c9span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNF9xvqIvcl67YwKnFshYuhlejx2GwEntity forms skip validation of fields that are edited without widgets/a/spanspannbsp;(/spanspan class=c10 c3gt;30 days/spanspan) If a field can be edited with a form element that is not a Field API widget, we do not validate its value at the field-level (i.e., check it against the field#39;s constraints). Fixing this issue requires ensuring that all entity forms only use widgets for editing field values./span/li /ul ul class=c8 lst-kix_gkrhy9ftmdx5-2 start li class=c11 c5 c13span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNH-RDl70ORNNulODzZ6hS4JX5UCEgEntity forms skip validation of fields that are not in the EntityFormDisplay/a/spanspannbsp;(/spanspan class=c3No patch, /spanspan class=c10 c3gt;30 days/spanspan) Drupal 8 has a new feature called quot;form modesquot; (basically analogous to quot;/spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNEjeFtdJbjqlLQkga6WGx_XxRZhoAview modes/a/spanspanquot; in Drupal 7, except allowing you to set up multiple forms for a given entity instead). Currently, we#39;re only validating fields that are displayed on a given form mode, even though those fields might have validation constraints on other fields that are not displayed. Critical because it could present a security issue./span/li /ul h2 class=c7 c21a name=h.pvyrwdfyvdc0/aspanViews/span/h2 p class=c11spanViews issues are generally tracked with the /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNGdFWFDDaUn7RV5xlUPP96K0BfhcQVDC/a/spanspannbsp;tag. There are currently 6 criticals at this point which touch on Views (some already covered in earlier sections)./span/p p class=c6span/span/p ul class=c8 lst-kix_9lopuf4j9p0n-0 start li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNFYkCUijOMV0LTQJWAEiqXdwIsKZwViews base fields need to use same rendering as Field UI fields, for formatting, access checking, and translation consistency/a/spanspannbsp;(/spanspan class=c15 c3D8 upgrade path, /spanspan class=c12 c3Blocker/spanspan) This is a critical blocker to multilingual functionality; right now, Views mixes up languages when a node title (base field) and body (field UI field) are in the same view. However, it#39;s also the cause of various other inconsistencies, like the inability to select formatters and formatter options on base fields. This issue proposes treating base entity fields the same as Field UI fields in Views./span/li /ul ul class=c8 lst-kix_9lopuf4j9p0n-1 start li class=c9 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNEyACbu7oe819jdX0twm-CxjsxRxA[PP-1] Base entity fields using #39;standard#39; plugin added via EntityViewsData to not respect field level access/a/spanspannbsp;(/spanspan class=c15 c3D8 upgrade path, /spanspan class=c20 c3Postponed/spanspan) Basically, a subset of the same problem. It#39;s postponed because the above issue may end up solving it./span/li /ul ul class=c8 lst-kix_9lopuf4j9p0n-0 li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNFmL59VCm0NjAb1b-T29tkrR94qQQViews should set cache tags on its render arrays, and bubble the output#39;s cache tags to the cache items written to the Views output cache/a/spanspannbsp;This one is critical because it could result in Views showing stale content due to not correctly associating the cache tags of content displayed inside a view with the view itself./span/li li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNGYKD-eZUSuloKkdIKw-I4bFH6-8AViews exposed filter form causes enormous form state cache entries/a/spanspannbsp;Because serialized views are ginormous, the size of the form cache grows exponentially on repeated load of a view with an exposed filter. This issue aims to reduce what is cached by views to stop this from happening./span/li /ul h2 class=c7 c21a name=h.yssr9b6rl72a/aspanConfiguration system/span/h2 p class=c11spanThe /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNFeeu8qmScm4vhXlSzmkbs5O7D-EQconfiguration system/a/spanspannbsp;is remarkably close to being shippable! Only 4 critical issues left. We#39;re now working on finalizing the niggly bits around edge cases that involve configuration that depends on other configuration./span/p p class=c6span/span/p p class=c11span class=c3Skills needed:/spanspannbsp;Configuration system, Entity Field API, Views/span/p p class=c6span/span/p ul class=c8 lst-kix_gdjmrlbf1bc0-0 start li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNGrRIuplFmdAu3if6E4EPcVjezoMQ[meta-3] CMI path to release/a/spanspan: The main tracking issue for CMI-related issues./span/li li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNFOWVft_KgKgMIWO4d3EjnoyfTncwDon#39;t install a module when its default configuration has unmet dependencies/a/spanspannbsp;(/spanspan class=c15 c3D8 upgrade path/spanspan) Seems like a good idea. :P Basically handles the situation where a module provides some default configuration (say, a default View), which references a dependency on some other module (say, an Entity Reference field). You want to ensure that the module#39;s default configuration can#39;t be installed unless all the various dependencies it needs are there./span/li li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNH8NyvaOIPZhA1l_kWXwnn0nDSXZwDetermine which config entities can be fixed and which will be deleted when a dependency is removed/a/spanspannbsp;(/spanspan class=c12 c3Blocker/spanspan) When we uninstall a module we list which other configuration will be quot;affectedquot; by the uninstallation. This issue proposes to add new functionality to the configuration system to work out what is going to happen when a specified dependency (or set of dependencies in the case of multiple modules) is going to be removed./span/li /ul ul class=c8 lst-kix_gdjmrlbf1bc0-1 start li class=c9 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNHtcw1ZuRdAtOsplntKct5pHLI_mw[PP-1] Delete dependent config entities that don#39;t implement onDependencyRemoval() when a config entity is deleted/a/spanspannbsp;(/spanspan class=c15 c3D8 upgrade path/spanspan) In the case where dependent configuration is part of the main configuration (for example, fields on a node type) we want to ensure clean-up is done when the main configuration is deleted./span/li /ul h2 class=c7a name=h.744pljan9umi/aspanquot;Fix it, or elsequot;/span/h2 p class=c11spanThis subset of issues are things that are part of core currently, and we would /spanspan class=c16really/spanspannbsp;like to keep, but are willing to make some hard choices in the event they are among the last remaining criticals blocking release. The quot;postponedquot; among this list means quot;postponed until we#39;re down to only a handful of criticals left.quot; If these issues end up remaining in the list, we will move their functionality to contrib, and hope to add it back to core in a later point release if it gets fixed up./span/p p class=c6span/span/p p class=c11span class=c3Skills required:/spanspannbsp;Various, but mainly low-level infrastructure and non-MySQL database skills./span/p p class=c6span/span/p ul class=c8 lst-kix_hhgio4gd2kqu-0 start li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNGoAdO3NRztXRE9gIlciA5vz63pBQ[meta] (websites/infra) blockers to a Drupal 8 release/a/spanspannbsp;(/spanspan class=c12 c3Blocker/spanspan) This issue contains a quot;grab bagquot; of blockers that prevent an optimal Drupal 8 release, including things like semantic versioning support, testing support for multiple PHP/database versions, and support for Composer-based installations. If this issue is one of the last remaining criticals, we might choose to ship Drupal 8 anyway, and jettison one or more features in the process, such ashellip;/span/li /ul ul class=c8 lst-kix_hhgio4gd2kqu-1 start li class=c9 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNEgTsGRSmLI-OiIWf5A7QYErFfAKA[Meta] Make Drupal 8 work with PostgreSQL/a/spanspannbsp;The meta/planning issue for fixing PostgreSQL (both in terms of functionality and in terms of failing tests)./spanspannbsp;/spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNFUCvi3AYakspUgohzh2ZplWqKK9Qbzrudi71/a/spanspannbsp;is predominantly leading the charge here and making steady progress, but more hands would be greatly appreciated./span/li /ul ul class=c8 lst-kix_hhgio4gd2kqu-2 start li class=c11 c5 c13span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNHk2hD-OQrWA37h_ROJJoNXzydlngPostgreSQL constraints do not get renamed by db_rename_table()/a/spanspannbsp;One of the sub-issues of the above, critical because it causes failing tests./span/li li class=c11 c5 c13span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNFzZCC_NtbjKPeItf7ZZUzJdbPREQ[policy, no patch] Move PostgreSQL driver support into contrib/a/spanspannbsp;(/spanspan class=c20 c3Postponed/spanspan) If efforts to fix PostgreSQL fails or we don#39;t get testbot support for PostgreSQL in time, it#39;s off to contrib-land (where, sadly, it is even /spanspan class=c16less/spanspannbsp;likely to survive regressions)./span/li /ul ul class=c8 lst-kix_hhgio4gd2kqu-1 li class=c9 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNHtt1ORniAF6M1YVYgRXILWF56vJA[meta] Database tests fail on SQLite/a/spanspannbsp;(/spanspan class=c10 c3gt;30 days/spanspan) Same deal as PostgreSQL but for SQLite. /spanspan class=c16Unlike/spanspannbsp;PostgreSQL/spanspannbsp;though, this one doesn#39;t have anyone leading the charge at this time, and it#39;s also a lot harder to punt this to contrib, since we use it for various things such as testbot. /spanspan class=c3Help wanted!/span/li /ul ul class=c8 lst-kix_hhgio4gd2kqu-0 li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNEIKMTpX4Cqss6MWuSotfn1WZIijQRemove the UI for installing/updating modules from update module if it is not fixed in time for release/a/spanspannbsp;(/spanspan class=c20 c3Postponed/spanspan) One major security improvement of Drupal 7 was providing the ability to install/update modules and themes directly from the browser. However, the feature has atrophied in Drupal 8 due to lack of test coverage and lack of active use/maintenance, and now the functionality is broken. And while the feature#39;s very useful, it#39;s not useful enough to further delay Drupal 8#39;s release if it#39;s one of the last critical issues left. /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNFfBXaLfc0AvUBAlJYUWbX-abqotwjoelpittet/a/spanspannbsp;is making a valiant effort to try and save this feature in /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNFHXswMfBDsyPh_0-7fw3CzSYNpZQInstall a module user interface does not install modules (or themes)/a/spanspan, but the issue would definitely benefit from other helping hands, particularly for extra testing/patch reviews./span/li /ul p class=c6span/span/p h2 class=c7 c21a name=h.h46w1jnuchnr/aspanGeneral house-keeping/span/h2 p class=c11spanThese are all basic things we need to keep on top of between now and release, to ensure that when we#39;re down to only a handful of criticals, we#39;re ready to ship a release candidate. The good news is, these are also all generally really easy patches to make, and often also to test./span/p p class=c6span/span/p p class=c11span class=c3Skills needed:/spanspannbsp;Basic patch rolling / reviewing / testing skills. (/spanspan class=c3good for newbies!/spanspan)/span/p p class=c6span/span/p ul class=c8 lst-kix_2mieegahdh2w-0 start li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNFRZ0NVFJ9hzUREQoci8LdyxYiI2g[meta] Ensure vendor (PHP) libraries are on latest stable release/a/spanspannbsp;Basically, exactly what it says. :) Making sure that all of the external libraries referenced in core#39;s /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNGO-TwEbV5aj3Iownn5YY8Mo1HDSwcomposer.json/a/spanspannbsp;file are up to the latest stable releases./span/li /ul ul class=c8 lst-kix_2mieegahdh2w-1 start li class=c9 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNEW3ZFmLx2OmjxyKCFTJOepPkAYmgUpgrade validator integration for Symfony versions 2.5+/a/spanspannbsp;This one is called out specially because doing this brings us inline with Symfony 3, which is important for future-proofing Drupal 8./span/li /ul ul class=c8 lst-kix_2mieegahdh2w-0 li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNHOSbRNiJ3zQjyCwhQEJ9plR1dtxQ[meta] Various asset (JavaScript) libraries have to be updated to a stable release prior to 8.0.0/a/spanspannbsp;(/spanspan class=c12 c3Blocker/spanspan) Same deal, but for JavaScript libraries, which are generally located in the/spanspana class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNFG_0GAO6J-92wsByJe5bRkPNpTsgnbsp;/a/spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNFG_0GAO6J-92wsByJe5bRkPNpTsg;folder./span/li /ul ul class=c8 lst-kix_2mieegahdh2w-1 start li class=c9 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNEQTZKeukQyAohsQq7NyOBJH_lMCA[meta] Ship minified versions of external JavaScript libraries/a/spanspannbsp;(/spanspan class=c20 c3Postponed/spanspan) Basically, in the Gilded Mobile Agetrade; we want to ensure that we#39;re sending as little over the wire as possible, so scrunching various JS libraries down to the smallest possible file size needs to be the default. Separate issue from above because it needs to happen for both updated and existing JS libraries. Postponed because there#39;ll be less work to do once all of the out-of-date JS libraries are updated and minified at the same time./span/li /ul ul class=c8 lst-kix_2mieegahdh2w-0 li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNGOIY3qJRsir5uzh2g1aAQUiNtDZw[META-12] Review #39;revisit before release candidate#39; tag/a/spanspannbsp;There are a number of issues that for one reason or another (for example, because we made a decision in order to unblock progress but weren#39;t completely sure if it#39;d be the right one N months/years later when D8 shipped) we#39;ve tagged /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNEJatKhMZfWls7LEr7Eh-hZLy4P0wrevisit before release candidate/a/spanspan. We need to make sure this list is down to zero in order to ship Drupal 8./span/li li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNHF8XConzj3-XAM793BbCFUYi7hTw[meta] Provide a beta to beta upgrade path/a/spanspannbsp;(/spanspan class=c15 c3D8 upgrade path, /spanspan class=c20 c3Postponed/spanspan) A policy issue that documents what holds up a beta-to-beta upgrade path, and what happens after we ship an quot;upgrade path beta.quot; Postponed until all other critical D8 upgrade path issues are fixed./span/li li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNE_-a_R6YC72WmazGwZ4RIsnm2T6Q[policy, no patch] 8.0.0 release candidates, release, patch versions, 8.1.x/a/spanspannbsp;A policy discussion about what happens once we reach zero critical issues. Needs to be figured out before that happens. :)/span/li /ul h2 class=c7a name=h.rmvhprdt1fbk/aspanOther/span/h2 p class=c11spanI couldn#39;t figure out a nice heading for these, so here#39;s the rest./span/p p class=c6span/span/p ul class=c8 lst-kix_91g62kqwec1n-0 start li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNGys0U30HBIgCI6WvtvKxBPNqI0qwRemove _system_path from $request-gt;attributes/a/spanspannbsp;Symfony provides a $request object, which has an quot;attributesquot; property for the purpose of storing various contextual bits. But the problem with $request-gt;attributes-gt;get(#39;_MAGIC_KEY#39;) is that the values are undocumented, there#39;s no IDE autocompletion, and it#39;s not clear which are internal vs. public properties, so we have an issue at /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNHi1yhUwzJ6piRLwPao-x5CH0MNqg[meta] Stop using $request-gt;attributes-gt;get(MAGIC_KEY) as a public API/a/spanspan. to try and stop doing that. brbrHowever, _system_path in particular is used a ton, since it#39;s very common to want to know the path of the current request. The patch exposes a quot;CurrentPathquot; service instead, which eliminates all of those issues./span/li li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNFVGxFRDovFv321NlON0HBDCOenUgPotential data loss: concurrent node edits leak through preview/a/spanspannbsp;Because the temp store that Drupal 8#39;s new node preview system employs uses an entity#39;s ID as the key, rather than something uniquely identifiable to a user, if two users are editing the same node and hit preview at the same time, one of them is going to lose data due to a race condition./span/li li class=c1 c5span class=c2 c3a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNHIErRFTx4OrpIE4iyKqvg4Pu7GYQAjax file uploads fail on IE 9/a/spanspannbsp;Pretty much exactly what it says on the tin. :P/span/li /ul h1 class=c7a name=h.bf4k5phhkgn7/aspanThrilling conclusion! (also known as quot;TL;DRquot;)/span/h1 p class=c11spanWell, not so thrilling, but at least a conclusion. :)/span/p p class=c6span/span/p ul class=c8 lst-kix_f44wt6l5fd2z-0 start li class=c1 c5spanAnywhere you see a /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNFnReuY9Oi3etLjtLzttlaaRGhnHwblocker/a/spanspannbsp;issue, attack it with fire. Those are holding other criticals up./span/li li class=c1 c5spanThe biggest area of focus right now is /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNEXNqQsm8FbF5G9RG2BykCXaeQvDwD8 upgrade path/a/spanspannbsp;blockers. Many of them are /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNEE-dzgLOIyDKSjRNfsHuZCz5V5jQsecurity/a/spanspannbsp;issues./span/li li class=c1 c5spanAnother big area is /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNG98Y_gFvVEV5XHo5qZ8GarKoAm_wPerformance/a/spanspan, both fixing existing regressions, and profiling to determine where our biggest wins are./span/li li class=c1 c5span class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNGdFWFDDaUn7RV5xlUPP96K0BfhcQViews/a/spanspannbsp;and /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNH5xucBYr72OGkC1CJGy5b6Z9qr7AEntity Field API/a/spanspannbsp;are tied in third place for number of remaining criticals. Let#39;s have a race, shall we? ;)/span/li li class=c1 c5spanThe /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNFeeu8qmScm4vhXlSzmkbs5O7D-EQconfiguration system/a/spanspannbsp;is looking pretty good, but still has a handful of sticky issues left./span/li li class=c1 c5spanThere are a series of /spanspan class=c2a class=c0 href=#h.744pljan9umiimportant features we#39;ll lose/a/spanspannbsp;if they#39;re not fixed up in time./span/li li class=c1 c5spanIf you#39;re looking for something somewhat easy/mundane, help yourself to one of the /spanspan class=c2a class=c0 href=#h.h46w1jnuchnrgeneral house-keeping/a/spanspannbsp;issues./span/li li class=c1 c5spanDon#39;t forget about the /spanspan class=c2a class=c0 href=#h.rmvhprdt1fbkother miscellaneous issues/a/spanspannbsp;I was too tired to categorize./span/li /ul p class=c6span/span/p p class=c11spanSorry this post was so long (and probably has its share of inaccuracies) but I hope it will be helpful to some. It#39;s basically what I needed to get back up to speed after taking a few months off of Drupal 8, so figured I#39;d /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNFB0FT6TPrt2Xb8M1Uj53Urc9PVRAdocument my way to understanding/a/spanspan./span/p p class=c6span/span/p p class=c11spanNow, let#39;s /spanspan class=c2a class=c0 href=;sa=Damp;sntz=1amp;usg=AFQjCNGBWBAEHObfCfWKwarFwozMIh50rQget #39;er done/a/spanspan! :D/span/p p/body/html/p /div/div/divdiv class=field field-name-taxonomy-vocabulary-1 field-type-taxonomy-term-reference field-label-abovediv class=field-labelTags:nbsp;/divdiv class=field-itemsdiv class=field-item evena href=/taxonomy/term/63 typeof=skos:Concept property=rdfs:label skos:prefLabel datatype=drupal 8/a/divdiv class=field-item odda href=/taxonomy/term/1 typeof=skos:Concept property=rdfs:label skos:prefLabel datatype=drupal/a/divdiv class=field-item evena href=/drupal-core-diaries typeof=skos:Concept property=rdfs:label skos:prefLabel datatype=drupal core diaries/a/div/div/div

3C Web Services: Introduction to the Super Login Module for Drupal 7

Sat, 02/14/2015 - 01:13
Drupal’s default login page form is functional but does leave a lot to be desired. It’s pretty bland and, if left as-is, is always a telltale sign that your site is a Drupal website. The Super Login Module for Drupal 7 is a simple way to improve the look and functionality of Drupal's login page.

Stanford Web Services Blog: Behat Custom Step Definition: Wait for Batch API to Finish

Sat, 02/14/2015 - 00:00
div class=field field-name-body field-type-text-with-summary field-label-hiddendiv class=field-itemsdiv class=field-item even property=content:encodedp class=summaryIf you're using a href= and the a href= Extension/a, you might find the following code snippet helpful if you want to add a step to wait for batch jobs to finish./p pIf one of your Behat scenarios kicks off a batch job (e.g., a Feeds import), and you want to wait for that batch job to finish before moving on to the next step, add this step definition in your FeatureContext.php file:/p/div/div/div

DrupalDare: Nginx, Memcache, Drupal page cache #1

Fri, 02/13/2015 - 21:09
Reverse proxy caching is something that is almost a must have for any popular site today. For Drupalers Varnish is by far the most used reverse proxy since it's easy to use and works really well/stable. Nginx has been succesful as a reverse proxy with Drupal as well, but it has mainly been been used with the file system and modules like Boost. But there exists a Memcache module that can speak directly to Nginx as well. In this article I will do some benchmarking on how to save the data when applying memcache to Nginx.

Commerce Guys: Drupal Commerce Site Spotlight:

Fri, 02/13/2015 - 20:06
div class=field field-name-body field-type-text-with-summary field-label-hiddendiv class=field-itemsdiv class=field-item even property=content:encodedpWe're always on the lookout for great sites built with Drupal Commerce, our truly flexible software that's changing the face of eCommerce one site at a /br / Perhaps the biggest strength of a href= title=Content-Driven eCommerceDrupal Commerce is it's flexibility, and that's clearly at work on the /aa href= title=Novus - A Bio-techne brandNovus Bio web site/a, a niche eCommerce site that's servicing a unique need in BioTech. Novus Biologicals features a commerce suite with a multitude of products available internationally for buyers of many different languages. Not to mention they are selling cells, strongHow cool is that?/strong/p pa href= title=Novus - A Bio-techne brandimg alt=Drupal Commerce Spotlight Site: Novus Bio src= //a/p p /p pTo see Drupal Commerce sites we've Spotlighted in previous weeks view the a href= Spotlight Sites/a/p /div/div/div

Lullabot: Front-End Fundamentals, a Book Written by Bots

Fri, 02/13/2015 - 17:22
div class=field field-name-body field-type-text-with-summary field-label-hiddendiv class=field-itemsdiv class=field-item evenpOne of the coolest things about Lullabots is their desire to teach and share their knowledge. They do this in many formats: podcasts, articles, presentations, and even writing books. a href= Fender/a and a href= Young/a decided there was an absolute need to write a book that brings all aspects of Front-End tools, frameworks, concepts, and procedures into one place — a href= Fundamentals/a./p/div/div/div ul class=field field-name-field-show-notes field-type-link-field field-label-hidden li a href= Fundamentals/a /li li a href= Fundamentals (25% discount)/a /li li a href= /li /ul

InternetDevels: InternetDevels+Drupal = Love

Fri, 02/13/2015 - 15:07
div class=field field--name-body field--type-text-with-summary field--label-hiddendiv class=field__itemsdiv class=field__item evenpWe are serious about Drupal. Our relationship lasts for already 7 years by now. Today is St. Valentine’s Day — a good day to express our love to Drupal. Drupal united us and allowed making new friends, so it IS awesome and incredibly cool without any doubt! So here’s few reasons we love it (just listen to it, sounds like an ode to a real loved one):/p a href= more/a/div/div/div

Iztok Smolic: 4 essential tips on implementing best practices

Fri, 02/13/2015 - 14:27
pDrupal community talks a lot about best practices. When I talk about best practices I mean code driven development, code reviews, SCRUM, automated tests#8230; I immediately realised that introducing new ways of working is not going to be easy. So I figured, why not asking one of the smart people how to start. Amitai (CTO of Gizra) was very kind to have [#8230;]/p pThe post a rel=nofollow href= essential tips on implementing best practices/a appeared first on a rel=nofollow href=http://iztoksmolic.comIztok/a./p

OpenLucius: Dependency injection in Drupal 8, an introduction.

Fri, 02/13/2015 - 11:45
div class=field field-name-body field-type-text-with-summary field-label-hiddendiv class=field-itemsdiv class=field-item evenh2Introduction/h2pstrongSo, like a bunch of other Drupal people, we're also experimenting with Drupal 8; for our Drupal distro /strongstronga href= Us/strongstrong being 'less is more'-developers, one aspect we really like is emdependency injection/em./strong/p/div/div/div

Jimmy Berry: The woes of the testbot

Fri, 02/13/2015 - 02:43
div class=field field-name-body field-type-text-with-summary field-label-hiddendiv class=field-itemsdiv class=field-item evenpFor those not familiar with me, a little research should make it clear that I am the person behind the testbot deployed in 2008 that has revolutionized Drupal core development, stability, etc. and that has been running tens of thousands of assertions with each patch submitted against core and many contributed modules for 6 years./p pMy intimate involvement with the testbot came to a rather abrupt and unintended end several years ago due to a number of factors (which only a select few members of this community are clearly aware). After several potholes, detours, and bumps in the road, it became clear to me the impossibility of maintaining and enhancing the testbot under the policies and constraints imposed upon me./p pFive years ago we finished writing an entirely new testing system, designed to overcome the technical obstacles of the current testbot and to introduce new features that would enable an enormous improvement in resource utilization that could then be used for new and more frequent QA./p pFive years ago we submitted a proposal to the Drupal Association and key members of the community for taking the testbot to the next level, built atop the new testing system. This proposal was ignored by the Association and never evaluated by the community. The latter is quite puzzling to me given:/p ul lithe importance of the testbot/li lithe pride this open source community has in openly evaluating and debating literally emeverything/em (a healthy sentiment especially in the software development world)/li liI had already freely dedicated years of my life to the project./li /ul pThe remainder of this read will:/p ul lilist some of the items included in our proposal that were dismissed with prejudice five years ago, but since have been adopted and implemented/li licompare the technical merits of the new system (ReviewDriven) with the current testbot and a recent proposal regarding modernizing the testbot/li liprovide an indication of where the community will be in five years if it does nothing or attempts to implement the recent proposal./li /ul pThis read will not cover the rude and in some cases seemingly unethical behavior that led to the original proposal being overlooked. Nor will this cover the roller coaster of events that led up to the proposal. The intent is to focus on a technical comparison and to draw attention to the obvious disparity between the systems./p h1About Face/h1 pThings mentioned in our proposal that have subsequently been adopted include:/p ul lipaying for development primarily benefiting instead of clinging to the obvious falacy of open source it and they will come/li lipaying for machine time (for workers) as EC2 is regularly utilized/li liutilizing proprietary SaaS solutions (Mollom on liautomatically spinning up more servers to handle load (e.g. during code sprints) which has been included in the modernize proposal/li /ul h1Comparison/h1 pThe following is a rough, high-level comparison of the three systems that makes clear the superior choice. Obviously, this comparison does not cover everything./p pstyle type=text/css table#testbot-comparison td { border: 1px solid white; } table#testbot-comparison td:nth-child(2), table#testbot-comparison td:nth-child(3), table#testbot-comparison td:nth-child(4) { width: 33% } table#testbot-comparison tr:nth-child(1), table#testbot-comparison td:nth-child(1) { font-weight: bold; font-size: 120%; } table#testbot-comparison td:nth-child(2) { background-color: #FFCC00; } table#testbot-comparison td:nth-child(3) { background-color: #D46A6A; color: white; } table#testbot-comparison td:nth-child(4) { background-color: #55AA55; color: white; } /style/p table id=testbot-comparison tr td/td tdBaseline/td tdBackwards modernization/td tdTrue step forward/td /tr tr tdSystem/td tdCurrent tdModernize Proposal/td tdReviewDriven/td /tr tr tdStatus/td tdIt's been running for over 6 years/td tdDoes not exist/td tdExisted 5 years ago at /tr tr tdComplexity/td tdCustom PHP code and Drupal Does not make use of contrib code/td tdMish mash of languages and environments: ruby, python, bash, java, php, several custom config formats, etc.brbr Will butcher a variety of systems from their intended purpose and attempt to have them all communicatebrbr Adds a number of extra levels of communication and points of failure/td tdMinimal custom PHP code and Drupalbrbr Uses commonly understood contrib code like Views /td /tr tr tdMaintainability/td tdLearning curve but all PHP/td tdLanguages and tools not common to Drupal site building or maintenancebrbr Vast array of systems to learn and the unique ways in which they are hacked/td tdLess code to maintain and all familiar to Drupal contributors/td /tr tr tdSpeed/td tdKnown; gets slower as test suite grows due to serial execution/td tdStill serial execution and probably slower than current as each separate system will add additional communication delay/td tdAn order of magnitude faster thanks to concurrent executionbrbr Limited by the slowest test casebrbr *See below/td /tr tr tdExtensibility (Plugins)/td tdModerately easy, does not utilize contrib code so requires knowledge of current system/td tdSeveral components, one on each system usedbrbr New plugins will have to be able to pass data or tweak any of the layers involved which means writing a plugin may involve a variety of languages and systems and thus include a much wider breadth of required knowledge/td tdMuch easier as it heavily uses commons systems like Viewsbrbr Plugin development is almost entirely common to Drupal development:br define storage: Fieldsbr define display: Viewsbr define execution: CTools function on workerbrbr And all PHP/td /tr tr tdSecurity/td tdRuns as same user as web process/td tdMany more surfaces for attack and that require proper configuration/td tdDaemon to monitor and shutdown job process, lends itself to Docker style with added security/td /tr tr td3rd party integration/td tdBasic RSS feeds and restricted XML-RPC client API/td tdUnknown/td tdFull Services module integration for public, versioned, read API and write for authorized clients/td /tr tr tdStability/td tdWhen not disturbed, has run well for years, primary causes of instability include ill-advised changes to the code basebrbr Temporary and environment reset problems easily solved by using Docker containers with current code base/td tdUnknown but multiple systems imply more points of failure/td tdSame number of components as current systembrbr Services versioning which allows components to be updated independentlybrbr Far less code as majority depends on very common and heavily used Drupal modules which are stablebrbr 2-part daemon (master can react to misbehaving jobs)brbr Docker image could be added with minimal effort as system (which predates Docker) is designed with same goals as Docker/td /tr tr tdResource utilization/td tdEntire test suite runs on single box and cannot utilize multiple machines for single patch/td tdMultiple servers with unshared memory resources due to variety of language environmentsbrbr Same serial execution of test cases per patch which does not optimally utilize resources/td tdAn order of magnitude better due to concurrent execution across multiple machinesbrbr Completely dynamic hardware; takes full advantage of available machines.brbr *See below/td /tr tr tdHuman interaction/td tdManually spin up boxes; reduce load by turning on additional machines/td tdIntended to include automatic EC2 spin up, but does not yet exist; more points of failure due to multiple systems/td tdAdditional resources are automatically turned on and utilized /td /tr tr tdTest itself/td tdTests could be run on development setup, but not within the production testbot/td tdUnknown/td tdYes, due to change in worker design.brbr A testbot inside a testbot! Recursion!/td /tr tr tdAPI/td tdDoes the trick, but custom XML-RPC methods/td tdUnknown/td tdHighly flexible input configuration is similar to other systems built later like travis-cibrbr All entity edits are done using Services module which follows best practices/td /tr tr td3rd party code/td tdAble to test patches on public instance/td tdUnknown, but not a stated goal/td tdSupports importing VCS credentials which allows testing of private code bases and thus supports the business aspect to provide as a service and to be self sustainingbrbr Results and configuration permissioned per user to allow for results to be public on the same instance as private results/td /tr tr tdImplemented plugins/td tdSimpletest, coder/td tdNone exist/td tdSimpletest, coder, code coverage, patch conflict detection, reroll of patch, backport patch to previous branch/td /tr tr tdInterface/td tdWell known; designed to deal with display of several 100K distinct test results; lacks revision history; display uses combination of custom code and Views/td tdUnknown as being built from scratch and not begunbrbr Jenkins can not support this interface (in Jenkins terminology multiple 100K jobs) so will have to be written from scratch (as proposal confirms and was reason for avoiding Jenkins in past)brbr Jenkins was designed for small instances within businesses or projects, not a large central interface like tdHierarchical results navigation from project, branch, issue, patchbrbr Context around failed assertion (like diff -u)brbr Minimizes clutter, focuses on results of greatest interest (e.g. failed assertions); entirely built using Views so highly customizablebrbr Simplified to help highlight pertinent information (even icons to quickly extract status)brbr Capable of displaying partial results as they are concurrently streamed in from the various workers/td /tr /table h1Speed and Resource Utilization/h1 pArguably one of the most important advantages of the ReviewDriven system is concurrency. Interestingly, after seeing inside Google I can say this approach is far more similar to the system Google has in place than Jenkins or anything else./p pSystems like Jenkins and especially travis-ci, which for the purpose of being generic and simpler, do not attempt to emunderstand/em the workload being performed. For example Travis simply asks for commands to execute inside a VM and presents the output log as the result. Contrast that with the Drupal testbot which knows the tests being run and what they are being run against. Why is this useful? Concurrency./p pInstead of running all the test cases for a single patch on one machine, the test cases for a patch may be split out into separate chunks. Each chunk is processed on a different machine and the results are returned to the system. Because the system understands the results it can reassemble the chunked results in a useful way. Instead of an endlessly growing wait time as more tests are added and instead of having nine machines sitting idle while one machine runs the entire test suite all ten can be used on every patch. The wait time effectively becomes the time required to run the slowest test case. Instead of waiting 45 minutes one would only wait perhaps 1 minute. The difference becomes more exaggerated over time as more tests are added./p pIn addition to the enormous improvement in turnaround time which enables the development workflow to process much faster you can now find new ways to use those machine resources. Like testing contrib projects against core commits, or compatibility tests between contrib modules, or retesting all patches on commit to related project, or checking what other patches a patch will break (to name a few). Can you even imagine? A Drupal sprint where the queue builds up an order of magnitude more slowly and runs through the queue 40x faster?/p pNow imagine having additional resources automatically started when the need arises. No need to works (and did so 5 years ago). Dynamic spinning up of EC2 resources which could obviously be applied to other services that provide an API./p pThis single advantage and the world of possibility it makes available should be enough to justify the system, but there are plenty more items to consider which were all implemented and will not be present in the proposed initiative solution./p h1Five Years Later/h1 pFive years after the original proposal, Drupal is left with a testbot that has languished and received no feature development. Contrast that with Drupal having continued to lead the way in automated testing with a system that shares many of the successful facets of travis-ci (which was developed later) and is superior in other aspects./p pAs was evident five years ago the testbot cannot be supported in the way much of Drupal development is funded since the testbot is not a site building component placed in a production site. This fact drove the development of a business model that could support the testbot and has proven to be accurate since the current efforts continue to be plagued by under-resourcing. One could argue the situation is even more dire since Drupal got a freebie so to speak with me donating nearly full-time for a couple of years versus the two spare time contributors that exist now./p pOn top of lack of resources the current initiative, whose stated goal is to modernize the testbot, is needlessly recreating the entire system instead of just adding Docker to the existing system. None of the other components being used can be described as modern since most pre-date the current system. Overall, this appears to be nothing more than code churn./p pAssuming the code churn is completed some time far in the future; a migration plan is created, developed, and performed; and everything goes swimmingly, Drupal will have exactly what it has now. Perhaps some of the plugins already built in the ReviewDriven system will be ported and provide a few small improvements, but nothing overarching or worth the decade it took to get there. In fact the system will needlessly require a much rarer skill set, far more interactions between disparate components, and complexity to be understood just to be maintained./p pContrast that with an existing system that can run the entire test suite against a patch across a multitude of machines, seamlessly stitch the results together, and post back the result in under a minute. Contrast that with having that system in place five years ago. Contrast that with the whole slew of improvements that could have also been completed in the four years hence by a passionate, full-time team. Contrast that with at the very least deploying that system today. Does this not bother anyone else?/p pContrast that with Drupal being the envy of the open source world, having deployed a solution superior to travis-ci and years earlier./p pPlease post feedback on a href= issue/a./p /div/div/divdiv class=field field-name-taxonomy-vocabulary-2 field-type-taxonomy-term-reference field-label-inline clearfixh3 class=field-labelTags: /h3ul class=links inlineli class=taxonomy-term-reference-0a href=/taxonomy/term/2drupal/a/lili class=taxonomy-term-reference-1a href=/taxonomy/term/31testbot/a/li/ul/div