 Hello, I'm Rachel Larson from the Drupal Association. I have yet another one of the initiative teams for DrupalCon with me today. And today I have David, Ted, Matthew and Tim who are from the Auto Updates Initiative. So Thursday, DrupalCon North America will all be about auto updates. But what do we mean by this? I know it's the name of a strategic initiative for Drupal but can you tell me a little bit about what that means, David? So at the risk of waxing a little philosophical, I think that what I think about Drupal as a project and I think about what it's meant to me and to a lot of the users of the project in terms of enabling them as developers, as creators for the web, it's that Drupal starts off in this consumer experience that allows you to gradually open the hood as you gain more and more comfort with the systems and you can rapidly get something that approximates what you want and then you can divert from that and learn more and level up as a developer as you explore those skills. And the reason why this ties to me and with Auto Updates is because we've adopted and really embraced Composer as a project which is great for solving the developer end of the ecosystem where you've already opened up the hood, where you have things like continuous integration, where you have deployment servers, where you have local development environments, where you're updating your Composer builds or your Composer metadata and packages. What it doesn't really answer for us is what happens with this other end of the spectrum where people are using Drupal as more of a consumer system where they install it traditionally through extracting a tarball. They install plugins. They wanna keep it up to date. They don't necessarily have a budget for managing the site in terms of people continuously being on call, let alone in the middle of the night to apply security updates. So in a lot of ways what I see Auto Updates as tackling as a problem for Drupal and an opportunity is to enable this complete spectrum all the way from people who are configuring their way to sites all the way to coding their sites as well as the spectrum of use cases they have and harmonizing that under one model that's actually centered on the package management of Composer and the way that that's structured and providing a smooth learning curve as you move from this more consumer oriented experience to a developer oriented experience. That's a lot. We're actually talking about making some big, big improvements. I mean, that sounds like a lot of work as well. So Tim, can you tell me why is it important that we're doing this? That's a great question. But I think to riff a little bit off of what David has said, I think over the history of Drupal, what we've done time and time again, particularly with our different sort of major release cycles is we focused really heavily on technical innovation on staying on the leading edge of how the web is built and enabling kind of the next generation of those sorts of digital experiences. And often user experience and cost of ownership has lagged behind the level of technical innovation that we're capable of. So speaking more broadly than just auto updates, for my part, I have felt that the sort of feature release cycle throughout Drupal 8 and into Drupal 9 and I think even going beyond to Drupal 10 has been often about empowering users to take advantage of these robust technical capabilities more easily. So when we talk about auto updates, what we're really sort of saying is we want to empower users to use composer-based dependency management in Drupal more easily. And so that's going to mean that you can use the automated updates system to ensure that your site doesn't have any sort of blockers that would prevent updates by using the readiness check system to apply those updates in an automated fashion for you and to be capable of rolling back if anything should go wrong with those updates, just making it much easier to stay on top of the regular updates for Drupal. And that's important for a few reasons. One is it lays a foundation, as David said, for kind of leveling up what people might do. It lets them ease into the composer environment and this deeper side of dependency management. But it also lays a foundation for us to go the other way, to us to make the car, as it were, more sophisticated, more of maybe an autonomous vehicle of more self-driving so that not only perhaps can we automate these updates, but maybe we can use some of this foundational work to think about having a module installer sort of project browser more robustly built into Drupal or all sorts of other things that might be possible. And then beyond that, it's important just because this ease of use question and this lowering the total cost of ownership of Drupal is just going to help the adoption of the project. The reputation of Drupal is for this level of technical sophistication and this extreme power that it has to enable people to build great things. But some folks are intimidated by it and the more we can do to make it less intimidating and to make it take care of itself in the most essential ways, the more people we can bring into the community and the more people who can take advantage of what Drupal can do. I like it. I like it. And you deal with intimidation through education. So talking of which, what do we think people might be able to learn at DrupalCon about the initiative on that initiative day, Ted? Yeah, we're going to have a few sessions. And so we're going to start off with kind of an overview, which we're going to get into some of the problem space that David and Chen rolled out, but get into more details of why is this so important? What is the space? A lot of people think, well, I have this process for updating my site. I have Drupal-specific hosting, maybe, but a lot of the Drupal world doesn't. And sort of looking at, OK, are people updating to security updates right now? And sometimes they are. Sometimes they aren't. And so that's really, we want to focus on making that as easy as possible to make sure that as many sites as possible are in the latest security releases, especially for Drupal Core. And we're going to start off with like, we've already done some work on notifications for the security updates coming out. And then we're going to get into this initiative. We really delve into a few different libraries. In a module, it's going to be in Drupal Core, but then some libraries outside of Drupal Core, where we're working with other open source projects like Typeo 3 and Chumla, PHP projects specifically for some of our libraries that are going to add security signing to our updates. And then also, we're working with the Cloud Native Computing Foundation. I think I got that right. And we're implementing their spec, the update framework. So we're going to have a, hopefully, somebody from that initiative. Give a guest talk about what the framework is outside of Drupal. And then we'll have talks about how we're going to use it. And then we'll also have a more like contributed focus, like how, OK, here's the sort of technical details of the libraries that we're making, Drupal Core changes we're making, kind of the skills that the different parts. One of the things about this initiative is since we're doing stuff in and outside of Drupal Core, there's like different stuff that maybe usually you don't think of as Drupal contribution languages, like we have some Python. We have a lot of like composer expertise that we're looking for. So yeah, it's sort of basic overview and then delve in technically deep. And then some related sessions on, say, XJM is giving a session on dependencies of Drupal Core as far as our composer dependencies and also JavaScript dependencies, because most of these updates will or often security updates will require update to one of these. So how will we handle that? And how does that affect our releases right now? Oh, fantastic. Yeah, so it's so many different things coming together. It's going to be really interesting. So we will have got all these people by the end of sessions on the day really excited and they'll be like, oh, wow, we really want this to happen. How can I help? How can I participate in the future of auto updates? So we will have a contribution time on Wednesday. And I know that you've all been working on what that might include and still ideas coming on that. So is there anything you can tell us about what might be possible to get involved in at Drupal Con and the future of auto updates? Maybe also things that aren't code too. Matthew. Thank you, Rachel. So I've had the unique opportunity over the last couple of years to sit not with the auto updates initiative, but at a couple of conferences like Midwest Dev Summit and Drupal Con and just listening to what's going on. And it's always been fascinating to me. But I haven't actually had the chance to dig into two things. Particularly, there's a couple of needs. If you have a strong interest in composer or PHP or an interest in DevOps and hosting, those are things that in skills that you can be immediately applicable. But more than that, a lot of times when I am listening, I'm confused by all the terminology. And that's new to me too. And so what we can do now as well is start thinking about how we're going to promote auto updates as we as Drupal service providers or agencies are trying to sell Drupal to our customers. And also to, if I am having trouble understanding it, we need to improve our initiative documentation and start working on documentation now so that the rest of us can learn quicker and be easier to adopt auto updates and update our own core instance. Thank you. Thank you. Well, thank you very much. In fact, thank you to you all. I think we'll leave something for a later video and then we'll see your keynote at Drupal Con as well and get involved in the sessions and the contribution later in the day. I'm really looking forward to it. I think it's going to be fantastic. And I look forward to meeting you all there. Thank you. We'll speak soon. Rachel, thanks. Thanks, Rachel. Thanks, Rachel.