Your response seems almost angry or offended. If so, that was certainly not my intention. I also think there is a bit of misunderstanding about my suggestion.
Not really, I wasn't annoyed the least bit. I was just explaining why I am not going to implement the feature you requested. I could have stopped at "no", but I don't think that is appropriate. I prefer to explain why I'm not going to implement that feature and what are your alternatives.
The update notice is also of value whether I have a one click login available or not (which I personally don't value, but I canunderstand if other people do value it). Just knowing that an update is available gets me to take a look start making sure that I can update without any compatability issue.
That's exactly what I understood. You do not need AT's update notifications. They are designed as a tool to enable true one-click updates. You do not need a notification per site, you need a notification every time a new Joomla! version is released. One notification for all sites, not one notification per site. This you can do by subscribing to Joomla!'s security newsletter, issued whenever a new release is out. Or follow Joomla! on Twitter. Or subscribe to Joomla!'s release announcement RSS feed. That's all I was saying.
I'm suggesting that once a notice is sent, the plugin can be prevented from sending another unless a certain amount of time has passed. The link can still be a good for only 24 hours link. If it takes longer than that to get to it, the link just won't be useful.
No. This is not the feature I want to implement and will cause more support requests. I prefer to keep the feature I have already implemented instead of transforming it to something which I don't like and know that will cause problems.
I also find it extremely unlikely that you can forget to update a site. You don't want to receive emails because you don't update on the spot but do tests to make sure that each site's extensions are compatible with the update. Why don't you keep, say, a spreadsheet with all of your files and mark which ones you have tested and which ones you have upgraded? Or maybe you can use a service like Watchful.li or a solution like JMonitoring to have, at a glance, the current Joomla! version of all of your sites. You don't want update notifications to be pushed to you. You want to pull update notifications at your own pace.
That said, I find your approach potentially disastrous. One of the key features of Admin Tools (when used together with Akeeba Backup) is the "Backup, then update Joomla!" feature. Workflow:
- You receive an update notification
- You click on the link
- The link takes you to the back-end of your site, logs you in and presents you the Joomla! update page. You click on the "Backup then update Joomla!" button
- Sit back and relax as Akeeba Backup takes a full backup of your site, then return to Admin Tools which updates Joomla!
- Do your tests to make sure it's all working. If crap happened just go to Akeeba Backup, Manage Backups, check the latest backup (first on the list) and Restore. No harm done.
We already offer you an optimal workflow which doesn't cause grave issues with sites (even if it does, it includes the option to restore the site from a backup). If you don't want to use it it's your choice, but don't ask me to change this workflow. I won't. I believe that what you are asking for is a terribly bad idea from a security perspective. I understand why you're doing it but, frankly, I'd rather restore a site from a backup once every 2 years (when such incompatibility issues you fear arise) than risk my site getting hacked. That's also what I am trying to impose to my users. It's my duty as a developer of a security extension to point them to the right security direction. If you want to ignore my advice, feel free to do so. As I said, there are alternatives which will work for you like JMonitoring, Watchful.li, Manage My Joomla and Admincredible β and these are the ones I have heard of or reviewed.
I have laid on the table all the options I could think of and their security assesment. I can't tell you which one to choose (I'm not you and I don't run your business) but I sincerely hope that I have helped you making an informed decision.
Please don't take my words wrong. I am not angry or offended. I am just being blunt. That's me. I don't have very good people skills but I try to overcompensate with software skills and the advice/consultancy I give for free :)
Nicholas K. Dionysopoulos
Lead Developer and Director
π¬π·Greek: native π¬π§English: excellent π«π·French: basic β’ π My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
