►
From YouTube: Backdrop Weekly - Oct 11th
Description
Today’s development agenda: http://bit.ly/2OBRQzc
A
All
right
we
are
on
air,
it
is
Thursday
October
11,
and
this
is
a
meeting
to
check
in
on
active
development
tests
for
backdrop
CMS
before
we
get
into
the
project
itself.
I
just
wanted
to
thank
everybody.
Who's
been
working
on
all
of
the
new
beauty
tips,
module
ports,
keeping
the
Jeff
repens
legacy
alive.
A
We
mentioned
pre
meeting
and,
if
you're
interested
in
hearing
about
how
things
are
going
for
the
backdrop
CMS
Network
update,
you
can
watch
the
design
meeting
which
we
had
about
an
hour
ago,
where
we
chatted
about
how
we
need
some
more
help
with
that,
let's
see
so
that
is
all
we
have
for
non
product
related
issues.
So
I
want
to
turn
it
over
to
me
to
talk
about
backdrop
releases.
B
Hey,
yes,
okay,
so
lots
of
things
are
happening
in
the
world.
With
backdrop,
first
of
all,
we
had
a
release.
Yesterday,
wait
a
bug-fix
release,
the
one-one-one
release,
or
one
11.1
is
as
it
is,
which
is
kind
of
exciting.
That
won't
happen
again
until
we
release
2.22
2,
so
that
could
be
a
while.
So
the
security
released
yesterday
it
was
the
first
bug-fix
release
for
the
1.11
branch
and
normally
we
release
a
1.11,
or
we
really
saw
a
bug-fix
release
a
couple
weeks
after
the
release
of
a
minor,
but
it's
been
almost
a
month
now.
B
Actually
we
just
didn't
encounter
any
substantial
bugs
of
note
in
the
1.11
release,
which
hey
that's
awesome,
so
it
also
kind
of
something
interesting
of
note
is
that
the
Wanda
11.1
release
yesterday
we
had
an
independent
security
researcher
contact
us
about
the
the
security
hole
that
was
found
in
backdrop.
It
was
just
an
XSS
which
is
one
of
the
most
common
forms
of
security
holes,
which
was
great
first
of
all
that
he
audited
backdrops.
Specifically,
this
wasn't
something
that
was
a
side
effect
from
Drupal.
So
thank
you
very
much
for
doing
that.
B
Audit,
but
also
it
was
very
keen
on
getting
a
CVE,
an
hour
reported
on
it
and
we
haven't
been
doing
CVEs
explicitly
prior
to
this
release.
So
we've
been
doing
security
announcements
where
we
announce
it
on
back
to
FCMs
org,
but
we
have
not
been
acquiring
CDE
IDs,
which
is
kind
of
like
a
global
canonical
list
of
security
issues
across
all
in
theory,
all
software.
So
we
did
request
our
first
CVE.
We
haven't
actually
received
the
ID
at
that.
B
B
B
One
of
them
is
that
basis
is
now
colorize
about,
but
does
not
include
any
predefined
color
schemes,
and
so
we'd
like
to
include
some
out
of
box
color
schemes
for
basis
and
because
this
is
a
UX
improvement,
we
will
include
it
in
a
bug
fix
release.
So
3209
is
that
particular
issue.
There's
been
a
request
that
we
run
it
through
an
accessibility,
checker
and
also
if
anyone
wants
to
lend
a
design
eye.
That
would
also
be
appreciated.
B
Let's
see
also
related
color
module
there.
The
colored
preview
does
not
work
correctly
in
Safari,
and
that
issue
is
3295
and
I.
Don't
think
that
there's
been
any
progress
on
this
other
than
we've
now
been
able
to
confirm
that
the
issue
exists,
but
there's
no
pull
request,
no
development
work
at
all.
Yet
on
that
one
so
3295
any
Mac
users
that
are
out
there
that
want
to
make
an
improvement
to
the
safari
experience
of
backdrop,
please
I
take
a
look
at
3295.
C
E
B
E
B
B
These
are
only
tentative
at
this
point.
We
could
potentially
add
additional
functionality,
but
right
now
we've
got
four
items
to
pull
out
here
for
the
1.12
release
that
we're
working
towards
the
first
one
is
core
updates
working
towards
automatic
updates.
The
meta
issue
for
that
is
2018
and
the
area
where
most
excitement
is
happening
is
in
issue
414,
which
is
where
jeff
has
been
working
on
making
it
so
that
we
expose
the
user
interface
for
doing
updates
and
also
add
in
the
automatic
portion
of
things.
B
B
Can
test
inks,
you
mean
yeah
I
tried
it
out
right
before
the
meeting
totally
worked,
so
that
was
very
exciting,
so
I
turned
off
its
installer
settings
that
Jason
the
config
file,
where
the
flag
is
that
currently
has
it
disabled
in
the
user
interface
to
prevent
you
know,
end
users
from
accidentally
accessing
something
that
might
not
totally
work
yet
but
yeah.
It
worked
pretty
well,
it
does
loop
around
through
a
bunch
of
like
authorized
PHP
and
it
doesn't
run
the
updates
for
you.
It's
not
the
same.
B
It's
not
quite
the
smooth
the
process
as
installing
a
new
module,
because
the
honestly,
the
module
updater
has
always
been
pretty
clunky
so
anyway,
but
it
is
exciting
that
the
the
basic
functionality
works
well
and
that's
that's
totally
awesome
Jeff.
Do
you
want
to
give
an
update
on
414?
If
there's
been
any
progress
there,
I.
F
B
Cool
go
off
awesome!
Okay,
let's
see
another
issue
related
to
this.
Well,
there's
a
bunch
of
them
in
2018
the
meta
issue
package
signing
issue
1992.
We
don't
have
any
further
updates
on
that
one,
so
I'm
not
going
to
rehash
that
one
again,
there's
also
Oh
issue
3208,
which
is
removing
authorise
dot,
php'
or
defecating
it.
B
If
we
follow
through
with
this
approach,
it
probably
would
streamline
that
user
interface
for
updating
modules
per
site,
updating
cord
that
I
just
mentioned
that
when
I
ran
through
it
locally,
it
redirects
you
all
over
the
place
prior
to
actually
doing
the
update
and
it's
not
not
entirely
intuitive
because
it
looks
like
updates,
have
been
applied.
But
then
then
it
asks
you.
F
B
E
B
B
A
B
So
that
one
is
probably
ready
for
some
code
review,
we've
had
a
lot
of
back-and-forth
that
in
quarrel
solid
bone,
the
direction.
Finally
and
the
implementation
is
it's
fairly
simple,
so
that
issue
number
37
makes
it
so
that
modules
have
tags
and
they
got
info
files.
And
initially
this
is
only
going
to
be
used
in
the
backdrop
modules
page,
but
it
will
eventually
be
used
for
the
module
installer
browser
to
find
here
modules
and
probably
on
the
modules
pages
themselves,
on
doc,
top
CMS
org.
B
A
Looks
really
great
I
just
took
it
first
then
in
the
sandbox,
and
it's
really
intuitive.
If
you're
just
gonna
type
in
a
bunch
of
items,
you
can
tab
through
all
the
fields
which
is
really
handy
too.
I
just
left
a
couple
of
little
minor
UX
recommendations
for
the
interface
now
that
we
have
sort
of
a
big
interface
with
new
options,
but
I
think
it's
a
huge
improvement
over
what
we
have
now.
A
So
I'm
really
excited
to
see
that
going
that
vertical
pipe
thing
was
always
something
that
seemed
very
half
done
to
me
in
drupal,
where
it's
like.
Oh
here's,
an
interface
where
you
can
enter
things,
but
you
can't
really
enter
them
cleanly
and
options
all
might
fix
that.
So
getting
this
done
for
all
fields,
I
think
it's
going
to
be
a
huge
improvement
just
making
the
excellent
finish.
Yeah.
B
G
B
B
B
The
large
concern
there
is
that
so
a
massive
amount
of
code,
good
making
my
files
feel
double
is,
is
a
large
undertaking.
There's
also
one
question
of
a
potential
API
change
in
there
regarding
the
path
that
gets
returned
on
a
file
URI
when
you
use
the
or
I
method,
and
so
that's
an
outstanding
question
that
needs
to
be
addressed.
I
know
when
Mike
McCaffrey
was
doing
his
reference
field.
He
actually
found
that
a
reference
module.
B
B
That's
it
for
the
core
updates
rolling
along
on
things.
You
know.
The
core
updates
in
particular
are
just
really
pretty
awesome.
Now
that
we
have
the
ability
to
test
those
adequately
and
yeah.
That's
that's
really
pretty
fantastic
I.
Just
is
a
personal
aside.
I've
been
working
on
my
website
for
my
brother,
who
has,
coincidentally
a
Drupal
7
site
that
is
installed
on
an
Italian
shared
hosting
company
and
had
Drupal
7
installed
with.
B
What's
that
word
Softaculous,
sorry,
Jen,
you're
nodding
so
I
think
I
got
it
right.
Yeah
yeah
the
software
that
basically
aggregates
a
bunch
of
free
software
and
makes
it
so
you
can
install
it
because
this
site
doesn't
have
doesn't
have
any
any
SSH
access,
so
no
get
just
FTP
and
I'm
just
like
realizing
how
much
of
how
impossible
it
is
to
manage
a
Drupal
site
or
a
backdrop
site
for
that
matter
with
just
FTP.
It
is
just
really
difficult.
B
Drupal
had
the
ability
to
update
core
itself,
it
would
have
made
life
a
little
bit
easier
for
myself
or
its
doll
modules
from
the
user
interface
or
do
all
kinds
of
things
that
we
haven't
backed
up.
So
it's
interesting
to
see
the
problems
that
Drupal
has
had
for
a
long
time
not
really
affecting
us
or
affecting
us
less
or
we
are
working
towards
solutions
for
these
particular
problems.
B
So
just
kind
of
funny
that
you
know
I
don't
normally
work
on
websites
of
that
type,
but
having
inherited
one
I
realize
yeah,
look
at
that
that
that
target
person
struggling
with
their
website
and
we're
trying
to
promote
the
solution
for
that
so
anyway,
just
non-sequitur
just
ran
into
all
of
these
things.
That
would
be
nice
to
have.
If,
if
it's
for
a
back
to
our
website-
and
maybe
it
will
become
a
backdrop
website
in
the
near
future-
we'll
see
so
that's
it
for
the
core
updates
Jeff.
F
B
A
A
That
could
be
GPL
three,
but
not
GPL
two,
and
so
he
was
recommending
that
we
softened
the
requirements
around
licensing
on
contribu
in
the
core
might
need
to
stay
the
same,
and
that
would
improve
the
types
of
kinship
stuff
we
could
get
and
make
it
easier
and
contribute.
Oliver's,
like
being
pay
said
that
all
the
same
way,
he
said
that
last
week
of
anyone
was
here
last
weekend
remembers
what
he
said.
Hope
you
trust
me.
D
A
B
Yeah
I've
always
felt
that
these
things
are
I
mean
they're,
they're
important,
but
they're.
Also
at
the
same
time,
well
read
you
know
esoteric,
you
know
so
yeah
I
think
actually
I
like
that.
We're
not
locking
ourselves
in
for
core
and
I
do
feel
like
contribute
have
that
freedom,
and
so
at
first
blush
I'd,
say
yeah.
This
looks
looks
like
a
good
idea
and
then
beyond
that
I'd
probably
say
you
know,
I'm,
really,
not
a
licensing.
B
Ups
expert,
so
I'd
like
to
defer
to
those
that
have
more
experience
like
Kevin,
for
example,
on
you
know
what
we
should
do
here
so
I
think
it's
the
proposal
sounds
pretty
good.
Looks
like
you
made
a
PMC
issue
as
well
Jim,
so
I
guess
we
can
discuss
it
further
amongst
PMC,
but
I
probably
am
NOT
going
to
be
able
to
comment
like
decision-making
lights
on
on
this
a
short
notice,
okay,.
A
I
just
wanted
to
make
sure
you
didn't
like
have
some
specific
feeling
about
to
purchase
three
that
I
wasn't
aware
of,
but
yeah
I
think
in
general
we
all
were
like
yeah.
That
sounds
like
a
good
idea,
so
I
open
a
PMC
issue,
I
think
right
now
it's
tight.
It's
open
for
discussion.
So
if
anyone
wants
to
chime
in
on
that,
they
can
and
we'll
try
and
consult
Kevin
as
necessary.
But
I'm
gonna
be
questions
about
it.
Specifically
that
means
or
J.
B
H
The
you
you
wouldn't
be
able
to
without
changing
the
license
all
right
and
that
that
that
is
an
issue,
and
so
Drupal's
is
GPL
2
or
later
giving
them
the
freedom
to
change
in
either
direction
at
any
time,
but
then
only
hosting
GPL
to
on
on
drupal.org,
and
so
it
it
definitely
simplifies
things,
but
it
also
restricts
things
and
the
same
type
of
things.
If
you
read
about
the
you
know,
Redis
common
clause,
I,
don't
know
how
to
describe
that
their
attempt
to
monetize
their
their
code.
H
So
that
you
can
make
it
more
complicated,
but
I
I
feel
like
WordPress.
Is
approach,
hasn't
gotten
them
in
legal
trouble
and
has
allowed
their
contributors
just
there's
just
a
lot
going
on
there
and
there.
It
doesn't
cause
too
many
problems,
but
you're
totally
right
that,
if
something
you
know
was
leveraging
an
apache,
2
library
and
you
wanted
to
bring
that
into
core
and
the
Mott
and
the
module
was
being
distributed
as
GPL
3.
Because
of
that
you
wouldn't
be
able
to
do
that,
but
you
wouldn't
be
able
to
do
it.
H
B
You
otherwise
yeah
I
think
that
that
was
more.
What
I
was
thinking
and
I
said
we
don't
want
a
module
to
be
GPL,
3,
no
particular
reason
without
any
dependencies
in
the
event
that
that
module
became
a
candidate
for
Cork.
We
wouldn't
want
to
have
to.
You
know
deal
with
oh,
but
this
is
GPL
3,
and
so
we
can't
include
it
even
though
there
was
no
particular
reason
for
it,
so
I
think
I
think
you're
right
it.
B
We
should
encourage
people
strongly
to
do
GPL,
2
or
later
to
make
it
so
that
we
have
that
flexibility
to
incorporate
into
core
later.
But
if,
if
there's
a
reason
like
a
dependency
on
Apache
2
library,
especially
if
it's
bundled
then
yeah
allow
them
that
flexibility
that
sounds
great
and
and
yeah
I
think
we
can
update
our
documentation
to
say
that
and
when.
B
E
E
So
that's
that's
what
they're
gonna
do,
but
that's
not
the
case,
so
babe
I
think
like
in
my
head.
Is
it
feels
better
to
still
leave
the
GPL
2
as
a
default
from
what
I've
heard
from
you
guys
with
a
note
somewhere
saying
that
if
you
do
absolutely
require
to
go
GPL
3,
then
by
all
means,
but
that
state
but
state
the
stakes
after
doing
that,
like
yeah,
possibly
running
into
troubles,
if
you
want
to
imagine
the
core
and
so
on
so
forth,.
G
Okay,
can
I
ask
a
quick
question:
a
typical
corn
I
mentioned
this
and
get
a
Drupal
core,
and
somebody
was
asking
about
backdrop
in
the
technical
future.
The
only
thing
we
had
was
the
roadmap,
but
there's
not
very
much
on
the
roadmap.
I'm
just
wondering.
Is
there
more
somewhere
else
or
does
I
don't
know
it?
Would
it
would
it
be
useful
for
us
to
have
a
better
document
or
to
think
more
about
the
longer-term
future?
This
beyond
1.1.
B
G
D
B
So
I
think
that
would
be
a
good
starting
point
at
least
to
make
it
so
that
I
mean
if
those
things
are
important
in
the
past
they're
from
waste
important
now,
but
things
beyond
that.
I'm,
not
sure
you
know
like
what
other
things
are
really
are
critical
for
us
and
yeah
I.
Think
you
then
I'd
mention
that's.
You
know
that
could
be
an
opportunity,
while
we're
all
in
person.
B
E
E
There
was
something
that
we
like
I
know
that
there's
initiatives
for
d8
for
these
things,
but
because
they're,
huge
undertakings
and
we're
a
small
group
they
just
sort
of
like
in
the
backlog
waiting
for
the
opportunity,
I'm,
not
sure
if
the
roadmap
with
references
always
but
I
definitely
know
that
it.
It
states
the
the
intention
of
helping
with
multilingual.
B
E
Yeah
I'm
actually
I'm,
actually
looking
at
the
at
the
roadmap
right
now,
and
it's
this
four
items:
they're
automatic
security
update,
which
is
happening,
multilingual
or
reduced
thing
complexity,
I'm,
not
sure
what
that
meant,
and
then
more
systems
moved
into
configuration
also
be
including
menu
links
and
module
state.
These
are
the
four
items.
Currently
there.
B
E
E
A
I
think
could
happen
in
the
1
to
X
cycle
now
so
I
don't
know
if
we
should
have
like
a
list
of
like
things
leaking
doing
one
by
X
and
then
things
we
can't
do
until
June,
because
I
think
that
we
used
to
think
there
was
a
lot
we
couldn't
do
until
2
and
we're
discovering
that
there's
a
lot.
We
can
actually
do
on
one.
So
that
might
be
something
we
should
revisit
so
yeah.
E
Think
that
that
the
consensus
was
that
anything
that
was
consisting
concerning
a
napi
break-ins
luck
was
API,
additions
are
allowed,
but
everything
that
constitutes
a
an
API
break-ins.
Then
we
moved
that
to
2.0
and
I.
Think
there
was
mention
of
a
car
remember
where
it
was
not
necessarily
API
changes,
but
there
was
discussions
about
changing
the
menus
or
the
paths
of
violence
gen
that
we
moved
so
yeah.
There
were
some
items
that
we're
definitely
pushed
for
that
2.0
2.0.
Because
of
that.