►
From YouTube: Backdrop Weekly - Mar 7
Description
Today’s development agenda: http://bit.ly/2Udn7In
A
All
right
we're
on
air,
it
is
Thursday
March
7th,
and
this
is
a
meeting
to
check
in
on
active
development
tasks
for
backdrops
amis.
Before
we
get
into
the
core
software
itself,
we
would
like
to
welcome
KS
Thomas
to
the
community,
he's
created
a
maintainer
application,
stating
that
he's
created
some
new
modules
for
backdrop
and
wants
to
be
able
to
put
them
into
the
repository.
So
thanks
for
working
on
backdrop
modules
in
the
last
week,
we
had
a
couple
of
security
updates
for
kinship
projects
and
a
new
project
prism,
which
was
just
released
yesterday.
A
Weighted
related
to
the
website
backed
up
CMS
to
org.
We
have
updates
for
the
magis
names
and
layout
pages
and
the
tugboat
installer
that
we
covered
in
the
last
meeting.
So
we're
not
going
to
do
that
again,
but
we
have
a
new
issue
here:
issue
number
501
to
talk
about
our
security
release
policy.
This
is
something
we
had
a
pmc
vote
on
two
weeks
ago
and
we
just
need
to
figure
out
how
to
properly
document
that
decision
somewhere
on
our
website.
A
So
we
just
need
to
figure
out
where
to
do
that,
and
I
also
thought
it
might
be
nice
to
write
a
blog
post
about
security,
along
with
the
update
that
we
could
kind
of
drive
you
people
to
hey,
here's
all
of
the
information
about
security,
and
we
could
also
include
information
about
the
security
team,
in
particular
how
we
handle
security
releases
to
can
trip
just
so
that
all
of
this
information
is
out
there
and
publicly
available
where
people
can
find
it.
Does
anyone
have
any
suggestions
as
to
where
we
should
put
this
stuff.
B
D
B
B
A
So
the
way
it
has
been
going
is
there's
people
who
actually
see
the
drupal.org
issues
and
I
think
right
now,
that's
only
neat
and
then
there
are
people
who
helped
get
the
Drupal
thing
ready
for
a
backdrop,
and
so
far
we
have
like
six
or
so
people
who
help
like
apply
the
patch
test.
The
patch
J
Franklin
will
apply
it
to
silkscreen
and
we
get
a
feedback
on
it
that
way.
A
A
The
contribs
I
think
is
a
little
different,
because
the
core
security
stuff
is
always
done
before.
Drupal's
announcement
comes
out
and
then
we
co
release
at
the
same
time
or
at
least
attempt
to
get
it
as
close
as
possible,
sometimes
just
a
couple
of
hours
difference,
but
we
usually
get
out
on
the
same
day.
The
contribute
thing
rather
than
being
proactive
is
reactive,
as
we
talked
about
last
week,
where
we
have
people
who
keep
an
eye
on
all
the
security
updates
that
come
out
every
week
and
notify
people
who
dr.
A
up
maintained,
airs
if
their
projects
have
updates.
Now
we
go
one
step
further,
will
actually
issue
a
security
update
for
those
context
if
the
maintainer
is
unreachable,
and
so
that
could
be
a
completely
separate
group
of
people
from
who's
testing
the
core
patches,
but
I'm,
not
sure
there
are
very
many
people
who
are
different
right
now.
Yep
I.
B
C
C
B
C
B
C
D
B
Know
I'll
have
to.
We
will
be
doing
the
checking
so
long
as
they
tell
us
that
there
is
a
problem
with
a
specific
detail,
torque
module
and
then
we'll
be
doing
the
check.
So
I
know
that
they
individually
contact
the
maintainer
of
the
module
that
has
the
problem.
All
I'm
asking
is,
if
they
could
just
see,
see
a
group
of
a
couple
of
us
with
every
module
and
then
we
can
go
and
check
if
the
module
has
been
ported
if
it
hasn't
been
ported
that
way,
you
know
the
message
completely.
B
C
I
think
I
think
I,
don't
think,
there's
that
granularity
I
think
that
they
would
that
whoever
that
would
be
would
just
need
to
be
a
full-fledged
Drupal
security
team
member
to
be
a
tab,
access
and
all
those
things
which
I
mean
they're.
Probably
fine
with
I
mean
the
more.
The
merrier
has
always
been
the
kind
of
policy
on
security
people
as
long
as
people
are
trusted
that
they
want
as
many
eyeballs
as
possible.
B
Yeah,
so
the
reason
why
he
was
suggesting
that
it
could
be
a
couple
of
us
is
that
we
don't
have
a
single
point
of
failure.
So
if
someone
is
on
holidays
or
something
it
still
gets
picked
up,
so
money
has
more
chances
and
why
I
said
one
or
two
are
not
more
is
so
that
we
do
not
risk
in
creator
sensitive
information
being
sort
of
like
disclosed
to
more
people
than
he
has
to
yeah.
C
Also,
the
one
I
mean
I
like
to
show
coordination
with
the
Drupal
community,
but
I
also
like
to
not
fill
up
their
issue
key
with
noise.
You
know,
like
usually
I,
only
post,
one
comment,
maybe
two
into
any
security
issue,
just
say:
here's
the
corresponding
backdrop
release,
or
you
know
things
like
that,
just
to
make
it
just
to
show
that
there
was
some
visibility
into
that.
C
B
C
Yeah
I
think
I
think
if
we
can
select
individuals
to
say
we
would
like
permission
for
these
people,
then
we
can
give
that
a
shot
and
I
will
probably
need
to
come
from
me
because
they're
they're,
the
ones
that
they
think
of
backdrop.
As
being
me,
as
far
as
the
security
stuff
is
concerned,
but
I'm
feeling
what
the
process
for
that
will
be
will
be
just
sending
an
email
to
security
at
drupal.org
and
just
saying
hey:
can
we
do
this
yeah
yeah.
A
C
B
And
on
like
on
our
end,
I
think
it
surface
might
be
the
same
who's,
not
a
man.
You
say
that,
but
on
my
end
like
this
is
what
I
do
for
my
ages
here.
I
always
keep
an
eye
on
security.
Things
I'm
I
might
not
be
fixing
things,
because
my
neighborhood
knowledge
is
not
that
but
I'm
the
one
that
sort
of
like
notifies
customers.
We
we
get
approvals.
B
We
release
the
parties
or,
at
the
same
time,
I'll
be
doing
the
same
thing
for
country
so
yeah
and
at
the
same
time
as
I,
say
that
I
don't
want
to
be
a
single
point
of
failure.
So
so
what
would
be
the
next
step?
Would
be
you
mate,
requesting
access
for
the
three
of
us.
You
said
from
the
security
team
yeah.
C
You
have
to
have
already
gone
through
the
get
acceptance
process,
your
favorite
vulnerability
and
why
recommendations
from
security,
existing
security
team
members,
the
kind
of
work
you're
gonna,
do
an
expectation
of
how
much
work
you
will
how
many
hours
per
month
you'll
be
able
to
contribute.
Did
you
did
you
actually
go
through
that
night
or.
B
A
A
C
Yeah,
it
actually
says
that
the
review
process
is
you,
the
email
is
sent
to
the
security
enter
valid
org
at
least
two
security
team
members
validate
the
application
and
nobody
raises
concerns,
and
then
you
become
a
provisional
team
member
and
then
eventually
you
become
a
full
team
member
and
actually,
in
reality,
I'm
not
a
full
drupal.org
security
team
member
I'm,
provisional.
It
just
so
happens
that
they
provisionally
include
me
on
every
core
issue:
yeah.
B
B
C
A
Might
be
good
before
we
start
going
through
this
process
if
we
sent
like
a
private
emails
like
Michael,
House
or
something
and
said
like
hey,
do
you
think
there's
any
chance?
This
will
work
and
then,
if
he
says
yes
well,
then
we'll
open
tickets
for
like
each
of
the
three
of
us
and
be
like
okay,
here's
what
we're
planning
on
doing
or
whatever,
but
at
least
that
way
we're
not
like
jumping
through
all
of
these
hoops
ahead
of
time
to
be
like
for
them
to
be
like.
C
C
Just
the
normal
slack
channel,
Drupal,
okay,
yeah,
that's
actually
do
a
fair
amount
of
coordination
via
that,
just
like
directly
over
the
slack
channel
as
well.
I
think
there
is
a
security
slack
channel
as
well.
Actually,
maybe
not,
though
I
it's
a
mess.
I
think
that
I
think
there's
both
the
IRC
and
the
slack
channel
and
really
communications
have
gotten
really
cruddy
because
of
the
split
now,
because
some
people
are
in
each
place
and
and
the
discussion
happens
both
places
every
single
release.
It's
a
big
mess.
Okay,
there.
A
B
B
C
E
A
E
F
A
C
Count
exactly,
but
essentially
they
now
are
the
checking
account.
Okay,
interesting,
yeah
and
I
actually
think
that
they
do
something
funny
like
it's
not
like.
They
wouldn't
sign
into
any
kind
of
online
account.
I
think
that
they
would,
you
know
their
preferred
thing,
is
sending
a
check
or
any
check
like
per
request,
essentially.
A
A
A
C
Alright,
so
let's
see
one
twelve
four
against
the
next
bug
fix
release
of
backdrop,
and
we've
got
a
number
of
issues
that
we've
got
highlighted
here
for
being
addressed
as
soon
as
possible.
There's
some
more
RTL
issues,
there's
now
actually
a
pull
request
on
ckeditor
icons.
The
arrangement
of
the
toolbar
for
seek
editor
is
issued.
3504,
there's
now
a
poor
quest
there
that
needs
review.
C
We
don't
have
any
updates
on
supporting
multiple
equivalent
security
releases.
3524.
Isn't
that
issue
no
updates
they're
a
kind
of
regression
from
111
once
we
had
an
options
element
in
decor.
If
you
have
options
element
enabled
prior
to
your
upgrade,
then
you
can
get
a
fatal
error,
because
the
same
function
is
defined
twice
that
issues
3485
still
needs
a
pull
request
on
that
issue.
C
Let's
see
layout
clone
breaks,
layouts
issue,
2673,
there's
a
pull
request
that
corrects
the
issue
but
needs
tests
and
that
same
category
of
things
that
needs
tests
PBO
exception
when
image
is
missing
on
disk,
is
issued.
3462
herp
derp
will
created
a
test
for
that
issue,
but
he
said
he
can't
actually
reproduce
the
initial
problem,
which
actually
has
been
the
case
for
me
as
well,
and
so
we
haven't.
C
C
C
C
Let's
see
and
lastly,
for
bug
fixes
that
are
being
called
out.
Contextual
links
for
editing
views
is
issue
2690,
sometimes
those
view
links
or
the
contextual
links
aren't
accessible
like
they're,
hidden
beyond
the
toolbar
at
the
top
of
the
page.
So
no
updates
there
still
needs
work.
I
think
that
yeah
needs
work,
there's
kind
of
a
proposed
to
thank,
but
we
we
don't
think
it
might
be
the
right
direction.
C
C
C
B
Well,
other
ones,
but
I
might
need
some
help
with
what's
going
on
with
a
CSS,
with
that
entire
issue
for
security
to
the
the
icons
so
I
have
found.
So
you
basically
my
pull
request
currently
fixes
the
icons
themselves,
but
then
there's
some
CSS
issues
where
they're
sort
of
like
with
a
padding
of
them
and
I've,
found
the
offending
sort
of
like
CSS
entry,
which
is
it's
coming
from
seven.
B
C
Eight
okay,
so
113
113
is
the
next
minor
release
that
will
be
coming
up.
May
15th
2019
with
the
future
freeze
on
May
1st
we've
got
four
issues
that
we've
got
called
out
here
to
go
over
in
agendas,
telemetry,
dashboard,
config,
translation
and
package.
Signing
of
those.
Let's
see
telemetry
there
aren't
any
substantial
updates.
There's
some
more
brainstorming
ideas,
dashboard
Jen.
We
want
to
talk
about
dashboard,
sure.
A
I'm
doing
a
link
in
the
hangout
chat,
but
it
I
did
a
lot
of
work
on
that
last
week
on
the
planes
it's
really
fun
and
then
Gregory
happened
to
be
working.
At
the
same
time
when
he
saw
my
work-
and
he
gave
me
all
of
this
detailed
feedback
which
I
think
I've
addressed
all
of
it.
So
it's
ready
for
more
review
laughing.
F
A
I
also
added
the
available
updates
block.
So
if
you
guys
have
thoughts
about
how
that
information
should
be
formatted
and
definitely
open
to
suggestions
on
that
and
I
think
other
than
that,
everything
is
good.
To
go.
I
haven't
looked
at
the
config
forums,
Gregory,
so
I
know
you
mentioned
there.
Some
issues
there
that
probably
was
just
all
ported
from
the
other
module
invidious
to
be
updated.
So,
for
example,
I
think
that.
B
Yes,
so,
as
I
said,
it's
a
it
looks
pretty
good
and
you
can
go
in
sort
of
like
a
Z's
after
we
fix
those
minor
issues
here
in
there.
It's
just
that
there's
so
many
the
things
that
I've
noticed
that
I
thought,
instead
of
just
telling
you
pointing
where,
where
things
are
wrong
sort
of
like
perhaps
I'll
file,
a
pull
request
against
your
brands,
yeah
I
may
need
to
review
it.
Yeah.
A
B
B
A
D
C
Okay,
cool
see
anybody
that
has
additional
feedback,
please
supposed
to
issue
495.
They
should
potentially
so,
let's
see
in
the
world
of
translatable
config
strings,
34
55.
We
still
have
this
great
for
requests
that
gets
started
on
us,
adding
config
strings
to
config
files
and
adds
the
translatable
strings,
I
think
for
the
main
site,
settings
like
logo
or
slogan
and
site
name
as
well
as
email,
says:
issue
34
55,
there's
a
poor
request
there.
C
They
could
use
review
and
package
signing
issue
1992,
there's
two
different
proof
of
concepts
there
that
have
been
put
together,
both
of
which
need
some
review
and
feedback,
let's
see
also
in
the
113
lists.
Just
while
we're
on
this
topic,
we
didn't.
We
haven't
called
this
issue
out,
but
we
did
add
a
new
feature
just
earlier
today.
That
was
our
TBC.
C
That
translation
module
now
makes
it
so
that,
if
you
have,
if
you're
using
content,
translation
and
you
place
an
existing,
the
existing
content
block,
you
may
now
include
the
translated
version
of
that
contents
matching
the
current
site
language.
So
that's
handy
so
now
you
can
place
one
block
on
a
piece
of
content
and,
depending
on
the
site
language,
it
will
show
the
corresponding
translated
piece
of
content
on
that
in
that
area.
So
that's
nice
and
it's
all
good
for
the
113
status.
C
A
So
right
now
we're
in
a
situation
where
we
have
one
project,
it
has
a
security
release
that
isn't
marked
as
having
a
security
release,
because
the
security
release
is
technically
on
a
separate
project
node,
and
so
there
are
a
bunch
of
people
who
are
running
the
insecure
module
and
maybe
have
no
idea.
So
I
was
wondering
how
we
solve
this
problem
like
now
that
we
have
a
secure
release
for
this
project.
A
Should
we
create,
like
another
release
like
change
the
name
back,
create
another
release,
change
them
forward
and
then
have
a
really
so
at
least
the
people
who
are
running
the
old
module
know
that
it's
insecure
or
do
we
not
change
the
name
at
all
and
have
some
policy?
That's
like
you
can't
change
the
title
of
your
project
node,
but
github
lets
you
do
it
anyway,
so
we
can't
actually
put
my
people
doing
that.
B
A
B
If
we
fix
the
project
module
to
always
come
the
dust
is-
and
this
was
we
wouldn't
have
that
problem
in
the
first
place.
So
if
we
enforce
that
all
projects
use
underscores,
that
would
be
good.
So
that's
step
one
and
then
the
other
thing
is.
We
need
to
find
a
way
to
merge
those
two
project
nodes
and
their
releases
into
one.
B
A
D
A
B
So
the
other
thing
that
this
can
work
is
like
we,
because
no
one
has
downloaded
the
new
version
with
the
other
schools.
Yet
these
will
remove
that
temporarily
the
release
in
the
entire
project
node,
and
then
we
change
the
existing
one
with
a
disease
to
others
course,
and
then
we
merge
the
release
from
the
other
one
there
once
it
hasn't
disclosed.
A
A
Oh,
that's
fine
too
had
underscores.
So
that's
why
the
module
name
was
easy
to
change
on
Drupal.
Certainly
all
the
code
is
underscore
we'll
just
underscore
the
folder
and
actually
on
Drupal.
That
worked.
If
you
look
in
the
github
repository,
the
Drupal
8
folder
has
underscores
the
triple7.
Folder
has
hyphens
I,
don't
know
they
did
that.
That
was
a
big
mess,
because.
A
C
We
do
like
update
module
in
core
supports,
you
know,
modules
being
considered
unsupported
or
insecure.
You
know,
so
we
could
mark
the
node
on
backdrop,
CMS
org,
the
one
with
hyphens
as
being
unsupported,
and
that
would
just
flag
it
in
update
module.
Is
you
know
having
a
big
warning
sign
saying
this
thing
is
not
supported
and
then
it
links
over
to
the
issue
page
and
then
on
the
issue
page,
we
could
say
you
should
delete
that
module
and
use
this
one.
C
But
I
think
the
vocabulary
still
doesn't
do
it,
because
our
feed
doesn't
take
into
account
that
vocabulary.
So
we
need
to
make
an
update
to
the
project
release
module.
That
makes
it
so
it
pulls
that
flag
that
that
status
from
someplace,
because
right
now
it
doesn't
it
right
now
it
only
supports
like
like
published
and
unpublished.
I
think
sorry.
G
A
D
A
B
Big
mess
for
independent
of
that
specific
use
case
I
think
that
we
should
have
it
that
so
that
either
the
packaging
script
or
what
the
project
module
refuses
to
create
create
nodes
when
they
have
dashes
yeah,
if
the
refuses-
or
it
just
replaces
them
with
underscore.
So
we
don't
have
such
a
mess
in
the
future.
C
Repository,
so
it's
not
it's
not
part
of
Project
mantra,
but
bankruptcy
messed
org
itself.
It
has
a
file
that
does
the
packaging.
You
know
where
it
modifies
the
info
file
and
stuff
like
that,
and
that's
not
a
project
Pancho.
That's
a
custom
module
on
backtalk
semester,
org
that
modifies
the
process
before
the
package
happens,
and
we
already
do
things
to
like
make
sure
that
a
module
type
is
specified
in
the
dot
info
and.
D
C
Like
that,
and
if
not
then
it
it
returned
instead
of
making
a
package
on
backdrop,
CMS
org
and
making
a
packages
package
on
github
and
making
a
package
is
required
for
the
node
to
be
created
the
first
time.
If,
if
there's
a
problem,
then
it
instead
of
uploading
a
package,
it
uploads,
this
package,
errorlog
dot,
txt
file
to
the
project
and
we
should
just
add
an
extra
validation,
they're
saying
the
project
name
has
to
include
only
underscores
and
it
would
refuse
to
make
packages
in
the
future
yep.
C
C
G
B
A
C
C
B
C
C
B
C
B
A
B
A
A
C
A
A
I
think
that
was
it
for
everything
we
had
to
talk
about
today.
So
thank
you
guys
for
helping
us
sort
that
out
anything
else.
Anyone
wants
to
add
Justin's
here
Justin,
we
talked
I'm,
not
sure
if
you're
actually
listening
or
not,
but
we
did
talk
a
little
bit
about
the
Leonard's
in
the
last
meeting.
Oh
glad
you're
here
here
and
Nate
had
an
idea.
A
C
C
H
C
C
H
C
C
Know
I
know
a
lot
of
people
have
had
trouble
with
certify,
which
is
you
know,
Letson
for
other
people.
That's
for,
let's
encrypt
for
basically
free
SSH,
keys
or
sorry
and
I
know.
In
the
past,
we've
had
some
problems
with
it
with
engine
X.
So
if,
if
that,
if
that
proves
to
be
problematic,
you
know
we
have
the
certs
off
the
old
site.
We
can
just
continue
using
them
for
the
time
being,
but
this
is
a
good
opportunity,
because
every
time
the
certs
run
out
we're
always
like.
H
C
I
I
would
guess
so
as
well.
Yeah
cool
well!
Thank
you
so
much
Justin
for
for
putting
forward
so
much
effort
on
that.
That's
very
exciting
I
mean
our
current
version
of
PHP
is
5/4,
which
just
seems
atrocious
in
this
day
and
age,
but
unbelievably
new
install
of
Red
Hat.
That's
still
the
current
version
like
even
though
the
latest
version
latest
stable
at
Red
Hat.
It's
still
the
current
version,
yeah.
B
B
We
have
exceeded
the
time.
I
just
want
to
quickly
bring
up
another
letter
and
just
quickly
get
a
feel
for
what
people
feel
like
about
basis.
I
have
suggested
in
the
past,
I'm,
not
sure
if
I
have
added
a
ticket
for
it,
that
we
should
ship
core
with
at
least
an
extra
layout
for
context,
node
slash
percentage
so
that
people
can,
because
it's
easier
for
people
to
enable
and
play
with
things
and
configure
them,
rather
than
build
them
from
scratch.
B
And
now
another
use
case
possible
use
case
for
a
layout
came
up
with
the
login
page,
where
yeah
you
need
to
follow
that
issue
too,
to
have
a
clue
but
yeah
in
general.
How
do
people
feel
about
another
couple
of
layouts
being
added,
even
disabled?
If
not,
you
know
food
on
when
I
enforce
them
to
people
chipping
with
core.
That's
what
I
mean.
C
Yeah
I
agree:
I
think
it's
natural
that
people
typically
will
try
to
add
a
layout
at
like
no,
it's
flash
ten.
You
know
because
they
think
oh
I
want
to
add
blocks,
but
they,
like
so
little
I,
mean
I.
Think
there's
an
issue
for
that
as
well
like
making
that
easier,
but
yeah
it
would
be
it
would.
We
would
avoid
the
problem
in
the
first
place.
Isn't
it
so
yeah.
B
D
B
Yeah
I
was
actually
I
was
actually
thinking,
but
this
might
break
people's
sites,
so
it
would
be
actually
a
use
case
to
have
the
post
spider
use
that
layout
and
have
the
image
be
on
the
sidebar
or
something
like
that
who
are
bio.
It
would
make
an
excellent
out-of-the-box
use
case
of
Harriet
and
use
fields
as
blocks.