Q: No other CMS has this function
A: So why shouldn't joomla be innovative?

Um wordpress

@brianteeman

Maybe. I discussed this at the joomla forum and this was one of the arguments. So I wanted to place it here.

If worpress has this function it's one more argument to also have it.

1) Joomla core update handling needs to be rewritten. Joomla core updates
are processed in the same manner as extensions. This causes a lot of
issues IMO. As an example we cannot distinguish between "security", "bug",
or "feature" related packages, or label if they fall under multiple
categories. Instead of core updates reading an XML file and trying to
decide based on a version compare function's results if an update can be
applied (which means all features need to be in the core CMS and new
features can only be relied on at the version they are introduced), the
"phone home" update check needs to send the server specs (the same data
used in the stats collection plugin, there isn't a need for anything
additional here) and the user's update configuration (are you interested in
only current version (3.x) notifications, want to be prompted for 4.0 when
it happens, or if an automated system comes into play do you want only
security patches to auto apply or other release types) to a joomla.org
server and we run an application there that reads your data and gives back
the right update data. This decouples the requirement that the core CMS
has all of the update logic self contained, if we need to add additional
checks it's done in the remote application and applies to all Joomla
releases reading from it.

2) Liability issues. Implementing an unattended update system exposes the
project to new liabilities if an update crashes a site (one we pushed to
users versus something a user optionally installed) or heaven forbid the
Joomla hosting architecture were hacked. There would need to be a lot of
legalese in place to protect our volunteers because at least in the lawsuit
happy USA people WILL come after us.

3) It won't happen overnight. Drupal has been working on something similar
for close to two years, ref: https://www.drupal.org/node/2367319 and they
are still nowhere near a working solution.

4) Security of the whole system. See the Drupal issue. It's a lot more
than saying "hey, Joomla core has an update available, download it now".

On Monday, September 5, 2016, RichardEb notifications@github.com wrote:

@brianteeman https://github.com/brianteeman

Maybe. I discussed this at the joomla forum and this was one of the
arguments. So I wanted to place it here.

If worpress has this function it's one more argument to also have it.

This comment was created with the J!Tracker Application
https://github.com/joomla/jissues at issues.joomla.org/joomla-cms/11937
https://issues.joomla.org/tracker/joomla-cms/11937.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#11937 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAWfoZh8ylv5PRhqIl4QlVXdudQf3IdOks5qnBm8gaJpZM4J1EVe
.

Joomla core update handling needs to be rewritten. Joomla core updates
are processed in the same manner as extensions. This causes a lot of
issues IMO.

Sounds like the update-code has to be rewritten in the near future anyway.(see also #11931) So this may be a good opportunity to also implement an auto updater.

Liability issues.

This is really a big problem especially in the US. But maybe you can build the unattended updater as an opt-in with a disclaimer that has to be accepted before.

3/4)

I'm aware that this will be a hard piece of work and I don't expect it to be done within the next week. But maybe it's still worth the work and a good long term goal.

If drupal is also working on this problem maybe joomla and drupal can work together in this case. Especially the liability problems only have to be resolved once.

As @mbabker said Drupal have been trying for two years and are no where near solving it for them. And there code base structure is so completely different I doubt there will be any common ground

Many hosters offer free cronjob tasks and there are also external cronjob providers. So I could even live with this solution: To update joomla I only have to press the "update" button manually. Making it "clickable" by a cronjob, would also help me a bit. We only have to consider the max
php execution time. I'm not sure if cronjobs allow header redirects. I would guess no and most hosters don't allow to set the max php execution time.

Note: This is just a quick and dirty solution. A more proper and better supported solution would be still nice.

You can do a lot today, we have build a script that "can" do the job under some circumstances. It is a proof of concept but if you like to life dangerously check this out: https://github.com/joomla-projects/cli-update/tree/develop

I will have a look. Thanks. A proof of concept is maybe a little bit to less for a solution and the long term goal should still be an official Updater IMO.

You have to start somewhere

I don't say that having this is bad. It is indeed a good start. I only Wanted to say that it doesn't solve my Problem right now. ;)

It solves your problem, setup a cronjob calling the cli script and updates running without anything you have to do

As this is only a proof of concept it's a bit to risky to use it for customers right now. I'll do some tests and maybe it'll work so well that I'll deploy it to my customers or maybe it won't. (And it will also only work if the hoster offers a CLI based cronjob. Other implementations and external crons won't work with this implementation)

Anyway I'd like to have an official implemented update function in joomla. And I'm sure I'm not the only one who needs this feature.

Every important thing should be said but the issue is still in Discussion state. What should happen next?

This is something we will re-evaluate for 4.0