Drupal Core Auto-Update Architecture
pwolanin
David Strauss
Dries has proposed that Drupal core be re-engineered to support a secure auto-update mechanism.
This sounds easy in theory, but the devil is in the details: such a change risks both disrupting the development cycle and introducing a new vector by which Drupal sites could be attacked.
We will cover some background, including:
- The fundamental challenges and trade-offs when building a secure auto-update system
- How the WordPress auto-update mechanism could have been used for mass distribution of malware
- Options for automating updates using currently available tools
- Multi-server, read-only code, and Composer challenges
We will review some existing secure CMS auto-update systems, and present possible approaches for Drupal along with the corresponding development or infrastructure challenges.
This will be a conversation to solicit input and discussion on the feasibility and technical approaches to this problem.
Session Track
Core Conversations
Experience Level
Advanced
Drupal Version
When & Where
Time:
Tuesday, 10 April, 2018 - 13:00 to 14:00
Room:
204 | Mediacurrent