I read blogs, as well as write one. The 'blogroll' on this site reproduces some posts from some of the people I enjoy reading. There are currently 10 posts from the blog 'Drupal.'
Disclaimer: Reproducing an article here need not necessarily imply agreement or endorsement!
I recently shared the community needs and potential strategies for evolving community governance, which resulted from the Community Discussions we held in person and online throughout April and May. You can find the webinar recording and written transcript, as well as the meeting minutes from all Community Discussions, at https://www.drupal.org/community/discussions.
Many community members who participated in these discussions agreed that the next step to take in this process is to hold a Community Governance Summit. However, we are not yet clear on where and when this event should take place, who should participate, and several other important details. I worked with community members to develop this survey so we can answer those questions.
Please take 5 minutes to take this community survey and tell us your thoughts about the Community Governance Summit. This survey will remain open until 11:59pm EDT on July 28, 2017. We will analyze the findings and report back on what we learned in a follow-up blog post by Friday, August 4.
Thank you for your time and participation.
On 28 June, 2017, the Drupal Association Board held the second of four annual public meetings. It was a full meeting where staff provided operational updates and gained some strategic direction from board members on how to proceed in various areas. Some highlights included:
Summary of DrupalCon Baltimore’s performance and impact.
Progress on securing future DrupalCon locations.
An update on the Drupal.org infrastructure RFP that was recently awarded to Tag1.
Whitney Hess also attended the board meeting to give an update on the Community Discussion work and invited the community to attend her webinar that shared her findings and next steps. You can learn more and watch the recorded webinar here.
Also, Jamie Nau, our “virtual CFO” from Summit CPA attended the meeting to review April 2017 financial statements, which showed that DrupalCon Baltimore exceeded expectations, positioning the Drupal Association for a healthier year, financially. This is encouraging news as we work through our financial turnaround, which started a year ago.
In an effort to be more transparent about board activities, the board chose to use this public forum to vote to approve the January through April 2017 financial statements. April 2017 financial statements showed that April was a successful month primarily due to DrupalCon Baltimore's strong financial performance.
You can find the meeting minutes and board materials here.
We were pleased to have community members attend and invite you to attend our next board meeting on 27 September, 2017 at noon CEST. It is located in the DrupalCon Vienna convention center and can also be attended via zoom.
Join in the fun during the Drupal Association membership campaign happening now through August 4. We're providing personalized certificates of membership to individual and organization members who join or renew during the campaign and we need your help spreading the word.
The campaign has two goals: help us deliver 500 certificates and raise $18,250 during July 10-August 4. By sharing and encouraging Drupal users and people in the community to join us, you'll help us meet these goals. If we are told by 5 or more members that you referred them to us during this campaign, we'll thank you on social media.
Grab words and graphics from this post and share away. If you are a member who would like your own certificate let us know and we'll send one your way. Post your selfie or hang your certificate on the wall. Thanks for sharing!Social
Share why you are a member.
Use these with https://www.drupal.org/association/campaign/certificate-2017
300 x 250px
440 x 220px (good for Twitter)
300 x 140px
Thank you for supporting the Drupal Association and for being part of our community.File attachments: mem_campaign_2017_q3_300x140.jpg mem_campaign_2017_q3_300x250.jpg mem_campaign_2017_q3_twitter_1.jpg
Last week, we shared the high-level findings from our recent Community Discussions. Today, Whitney Hess hosted a webinar to explain those findings in depth, along with proposals from the community on how to evolve community governance.
We encourage you to watch the video and post your questions in the comment section here. If you have comments but wish to remain private, Whitney asks you to email her directly at firstname.lastname@example.org.
We will post a transcript of the video here as soon as it is available.
Over the last few years, many of us have seen the need to evolve community governance. Up until now, we had to focus on other priorities, but now is the time to address our needs for community governance especially in light of recent community events.
Our project has matured greatly and participation has expanded from developers and site builders to also include more content editors, designers, and marketing managers who work not only as freelancers or at Drupal shops, but also for large digital agencies or system integrators. We want all community members to be included in these community discussions so the redefined community governance serves everyone. This is an exciting time to create an even healthier future for our ever-growing community.
The Drupal Association is committed to staying in a support role as the community determines how to best evolve community governance to support everyone’s needs. We started helping by hosting Community Discussions that were mediated by Whitney Hess. There were 7 sessions at DrupalCon Baltimore and 7 virtual sessions between April and May. You can find the meeting minutes here.
The Community Discussions surfaced several common needs and identified several strategies for addressing those needs.
The most commonly shared needs of the community are (in order of frequency):
Strategies to address those needs ranged from clarifying the responsibilities and boundaries of the leadership roles throughout the Drupal project, determining how and where to communicate community decisions, improving processes for community management, and providing easier access to documentation about leadership roles and clearly communicating what is expected of Drupal community members.
In terms of next steps, the participants were in agreement that we need to come together in a Governance Summit to start architecting improvements to today’s governance structure. However, the community did not define the best way to hold this meeting. It is still unclear when and where it should be, and who should participate and facilitate. We will send out a community survey next to get input from you to answer these questions.Attend The Webinar
We invite to you attend a webinar on July 6 at 11 am ET / 1600 BST / 8:30 pm IST hosted by Whitney Hess. Whitney will review the findings from our Community Discussions in more detail. We will record the video and share it with you afterwards, along with a written transcript.
Dial in details are below:
Dial: +1 646 558 8656 (US Toll) or +1 408 638 0968 (US Toll)
Meeting ID: 589 988 397
International numbers available:
Thank you for your patience and participation as we tackle these big questions and move forward together as a stronger community.
Surrounding Drupal is a thriving global business ecosystem and thanks to collaboration with One Shoe and Exove, we’ve created an annual survey that gives insight into its health, focus, and needs. Businesses benefit by learning from their peers and seeing Drupal’s business trends. This survey also helps the Drupal Association find new ways to help support this community. Analysis of the 2016 edition of the survey can be found here.
We encourage all business leaders to take this year’s Drupal Business Survey.
The survey aims to provide a picture of the current Drupal Business landscape, including the health of Drupal companies, obstacles and enablers for Drupal’s business success and D8 adoption.
Participation is completely anonymous and takes fewer than 10 minutes. The first results will be presented at the Drupal CEO Dinner at DrupalCon Vienna on Wednesday, September 27th, 2017. Analysis and insights will officially be published on Drupal.org and in Drupal Watchdog Magazine.Participate!
You can participate anytime now until July 19th, 2017.
Drupal 8.3.4 and Drupal 7.56 are maintenance releases which contain fixes for security vulnerabilities.Download Drupal 8.3.4 Download Drupal 7.56
Updating your existing Drupal 8 and 7 sites is strongly recommended (see instructions for Drupal 8 and for Drupal 7). This release fixes security issues only; there are no new features nor non-security-related bug fixes in this release. See the 8.3.4 release notes and the 7.56 release notes for details on important changes and known issues affecting this release. Read on for details of the security vulnerabilities that were fixed in this release.
- Advisory ID: DRUPAL-SA-CORE-2017-003
- Project: Drupal core
- Version: 7.x, 8.x
- Date: 2017-June-21
- Multiple vulnerabilities
PECL YAML parser does not handle PHP objects safely during certain operations within Drupal core. This could lead to remote code execution.File REST resource does not properly validate - Less Critical - Drupal 8 - CVE-2017-6921
The file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services (rest) module enabled, the file REST resource is enabled and allows PATCH requests, and an attacker can get or register a user account on the site with permissions to upload files and to modify the file resource.Files uploaded by anonymous users into a private file system can be accessed by other anonymous users - Moderately Critical - Drupal 7 and Drupal 8 - CVE-2017-6922
Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not previously provide this protection, allowing an access bypass vulnerability to occur. This issue is mitigated by the fact that in order to be affected, the site must allow anonymous users to upload files into a private file system.
The security team has also received reports that this vulnerability is being exploited for spam purposes, similar to the scenario discussed in PSA-2016-003 for the public file system.Versions affected
Install the latest version:
- If you use Drupal 7.x, upgrade to Drupal core 7.56
- If you use Drupal 8.x, upgrade to Drupal core 8.3.4
Also see the Drupal core project page.Reported by PECL YAML parser unsafe object handling
- XJM of the Drupal Security team
- Alex Pott of the Drupal Security team
- Peter Wolanin of the Drupal Security team
- Samuel Mortenson
- Wim Leers
- Alex Pott of the Drupal Security team
- XJM of the Drupal Security team
- Sascha Grossenbacher
- David Rothstein of the Drupal Security team
- Peter Wolanin of the Drupal Security team
- Michael Hess of the Drupal Security team
- XJM of the Drupal Security team
- Chris McCafferty of the Drupal Security team
- Lee Rowlands of the Drupal Security team
- Alex Pott of the Drupal Security team
- Nathaniel Catchpole of the Drupal Security team
- Stefan Ruijsenaars of the Drupal Security team
- Nate Haug
- Gareth Goodwin
The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.
Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurityDrupal version: Drupal 7.xDrupal 8.x
Read our Roadmap to understand how this work falls into priorities set by the Drupal Association with direction and collaboration from the Board and community.
After returning from DrupalCon Baltimore at the end of April, we spent May regrouping and focusing on spring cleaning tasks. It's important for any technical team to spend time on stability and maintenance, and we used May to find improvements in these areas and look for some other efficiencies.Drupal.org updates ???? UTF8MB4 Support
Support for the UTF8MB4 character set has been a long outstanding issue for Drupal.org and the sub-sites. This expanded character set supports supplementary characters outside of the basic unicode multilingual character plane, including symbols and emoji.
Previously the use of any of these characters on Drupal.org would result in an error. This extended support has been rolled out to Drupal.org and all of the sub-sites except Groups, our legacy Drupal 6 site on LTS.Protecting Localize.Drupal.org from Spam
After a spike in spam form submissions was reported (thanks Gábor!) we enabled form protection on Localize.drupal.org. Hopefully this will keep our many translation volunteers focused on the hard work of localizing Drupal, instead of on spam fighting. The techniques that spammers use to bypass protections continue to escalate, so we'll be continuing to evaluate new ways to fight spam as time goes on.Infrastructure Stability and Maintenance
We spent a portion of our time in May focused on some basic infrastructure issues. One of the Drupal.org production webnodes experienced a filesystem and networking issue and had to be removed from the rotation. We performed some forensics to identify the cause of the issue, and then rebuilt the virtual machine and put it back into rotation.
We also spent some time updating the remote access configuration with our data center, to make remote troubleshooting easier and more efficient for our internal team.
Finally, we performed an audit and inventory of our owned hardware. This helped us to identify underutilized resources that we could re-purpose, and will help us more quickly on-board our new managed infrastructure services partner at the conclusion of our RFP process.Infrastructure RFP
The deadline for responses to our Managed Infrastructure Services RFP was Monday May 8th. Once we'd received proposals from all participating vendors, we began our process to review those proposals internally and schedule interviews with the vendors. As we move into June this RFP process is wrapping up, and we will be announcing the results of the RFP soon.DrupalCI
One of the primary features of DrupalCI is that it allows developers to test against a variety of environments. To make sure that we're more easily able to keep up with the latest PHP patch releases (e.g: 7.0.x/7.1.x/5.6.x), the PHP environment containers are now rebuilt nightly.
Coding standards test results were added in April, and to make it easier for developers to see where the code standards issues appear within the code base, we're now linking the standards results to CGIT.More efficient test result saving
Since we began parsing DrupalCI test results onto Drupal.org we pretty rapidly reached more than 100,000,000 database rows of test results, taking up more than 100G of database space. To make offering this service more sustainable, we've implemented changes to how we store test result data. Instead of storing complete results for each test, we now only store the diff between the current test and the last test. This has resulted in a dramatic reduction in the amount of space consumed.Re-purposing owned hardware for bots
DrupalCI is also the most expensive single service that the Drupal Association provides to the community. In addition to the labor costs involved in building and maintaining the system, the amazon spot instance costs average between $2000-$4000 each month. After spending some time doing an owned hardware inventory audit, we've realized that we can repurpose some of our existing hardware as VM hosts for additional testbots. These testbots will not be as fast as the AWS instances, so we'll be reserving them for use with the nightly test builds, however we hope that even this change will represent a significant savings. Work on this continues into June.
As always, we’d like to say thanks to all the volunteers who work with us, and to the Drupal Association Supporters, who made it possible for us to work on these projects. In particular we want to thank:
- Amazee Labs - *NEW* Signature Supporting Partner
- Aten Design Group - Renewing Premium Supporting Partner
- Phase2 - Renewing Premium Supporting Partner
- Lullabot - Renewing Premium Supporting Partner
- Studio Present - *NEW* Classic Supporting Partner
- Chapter Three - Renewing Classic Supporting Partner
- Access - Renewing Classic Supporting Partner
- Softescu SRL - Renewing Classic Supporting Partner
- Linalis - Renewing Classic Supporting Partner
- Druid - Renewing Classic Supporting Partner
- Promet Source - Renewing Classic Supporting Partner
- Adapt A/S - Renewing Classic Supporting Partner
- Booz Allen Hamilton - *NEW* Classic Supporting Partner
If you would like to support our work as an individual or an organization, consider becoming a member of the Drupal Association.
This guest blog post is from Drupal Moldova's Association (not affiliated with Drupal Association). Get a glimpse of what is happening in Moldova's community and how you can get involved.
Drupal Moldova Association’s mission is to promote Drupal CMS and Open Source technologies in Moldova, and to grow and sustain the local community by organising Events, Camps, Schools, Drupal meetups and various Drupal and Open Source related trainings, and by establishing partnerships with Companies, the Government, and NGO’s.
Come and share your expertise in Moldova at our events! We're looking for international speakers to speak about Drupal and open source.
Among DMA’s (short for Drupal Moldova Association) numerous commitments, the following are of special importance:
to gather the community around Drupal and Open Source technologies;
to train students and professionals who want to learn and work with Drupal;
to organise events to keep the community engaged and motivated to improve, learn, and share experience;
to make sure Drupal is accessible to everyone by offering scholarships to those who can't afford our programs;
to elaborate a well defined program that helps students learn Drupal, acquire enough knowledge to get accepted for internships by IT companies, and be able to build Drupal powered websites;
to assist new IT companies in establishing a local office, promote themselves, collaborate with other companies, and connect with the local Drupal community by giving them the opportunity to support our projects.
Over the last 5 years, we have been dedicated to achieving our goals! DMA have organized over 20 projects and events, including Drupal Global Training Days, Drupal Schools, and the regional DrupalCamp -- Moldcamp. Our projects have gathered over 700 local and international participants and speakers, and more than 15 International Companies that have supported us during these years (FFW, Adyax, IP Group, Intellix, Endava and many others).
Moldova is rich in great developers and people driven to take initiative and to grow and place the country on the world map. We are aiming to go beyond our limits and have a bigger impact in the year (‘17-’18), therefore we have created a yearly plan that contains projects similar to those we have done in the past years, as well as new and exciting ones:
Drupal School (3 step program), starting with Drupal School 8 plus PHP (step 1): Drupal School is an educational program - split into 2 months, 25 courses of different levels (Beginner, Intermediate, Advanced).Drupal School aims to introduce people to Drupal 8 and PHP, and help them become Drupal professionals;
Moldcamp 2017: Sep - Oct 2017. A regional DrupalCamp that gathers around 150 Drupal professionals, enthusiasts, beginners and any-Drupal-related-folk in one place for knowledge-sharing, presentations, networking, etc. We will announce the event soon and allow speaker registration. Please follow us and don’t miss out on the opportunity;
Drupal Global Training Day: Dec 1-2. A one-day workshop that has the purpose of introducing people to Drupal, both code and community.
Drupal Meetups: These are organized each month and they allow our community to be active and share knowledge.
Tech Pizza: - Jun, Aug, Oct, Dec. A bi-monthly event, where the ICT community can gather in a casual and an informal environment around a pizza and soda and discuss the latest IT trends and news. The core of this event is a speaker / invitee from abroad with a domain of expertise;
The proposed program “Drupal and Open Source in Moldova 2017 - 2018” is made possible through the support of USAID and the Swedish Government. Thanks to these organizations we can focus on the quality of our projects make sure they happen as planned. Also, we have a very important partnership with Tekwill / Tekwill Academy, which helps us even more in our quests.
We start with School of Drupal 8 plus PHP program, which will be held on 19th of June 2017. So far we have 3 sponsors--IPGroup, Adyax and Intellix--and two trainers.
We, The DMA, believe in pushing the limits! Our long term goal is to build and maintain big an active Open Source community by attracting more local and International participants to our Projects and Events, and continuously improve our sessions. This will make our presence felt in the global Drupal and Open Source communities and markets. Find us on Twitter @drupalmoldova, or on our Facebook page. If you are interested in speaking in Moldova, contact us at email@example.com.
Remember how we are making changes to DrupalCon Europe? These were hard decisions and some things we love we found just weren’t financially viable. Like free t-shirts. But one thing we heard a lot was “please don’t take away the t-shirts!”
We heard you. And while it doesn’t make financial sense to give free t-shirts to all attendees, we still want to be able to continue to offer them. So we’ve come up with a plan.
At DrupalCon Vienna, t-shirts will be offered to the following groups:
Individual Drupal Association members who register for DrupalCon Vienna between 5 - 16 June 2017. You must register in this two week window AND be an individual member of the Drupal Association.
Volunteers who work at least four (4) hours onsite in Vienna 26 - 29 September. You must check the volunteer box during registration and must show up on site to volunteer for four (4) hours or until released by event staff.
Volunteers as part of the DrupalCon Program Team
I’m already a member, how do I make sure that I'll get a shirt?
If you are already an individual member, you get a t-shirt! BUT you MUST register in the first two weeks of ticket sales. Registrations after 16 June will not receive a t-shirt, member or not.
I’m not a member, can I do that during registration and still get a shirt?
Yes. If you are not a member you can become an individual member during your conference registration. You will be presented with a page during check-out that gives you the option to become a member.
I already registered but JUST saw this post! What do I do?
If you are a true early bird and register in the two weeks, but somehow missed this news post until after registering - that’s ok. As long as you become a member before the end of 16 June and you’ll still get a t-shirt.
The registration didn’t say anything about t-shirts or ask for my t-shirt size? What’s up?
After the 16 June cut-off date, eligible registrants will receive an email confirming their t-shirt along with a link to select their t-shirt size.
You got a session selected? Great!
We’ll refund your registration amount (but not your membership) and you get to keep the t-shirt. Our regular no-refund policy applies to all other sales.
You’re part of an organization that is buying a bulk amount of tickets for employees? Lucky you.
Your organization should provide you with an individual redemption code. You’ll need to redeem your individual registration before 16 June AND also be an individual member of the Drupal Association in order to get a t-shirt.