Drop Guard’s successful Showdown with SA-CORE-2018-002
A lot of Drop Guard users faced their first Highly Critical SA-CORE-2018-002 update within the PSA-2018-001 release last week. We interviewed a bunch of them and want to share Drop Guard’s performance with you. This means that we will share its achievements, its flaws and its “should have performed better”.
The Good - hard data about Drop Guard's victory
Until today, Drop Guard performed 7370 updates for Drupal agencies and their clients all around the globe.
66% of those agencies updated on average 25 websites, Drupal 7 and Drupal 8, because of the Drupal Core Update SA-CORE-2018-002 last week. The rest were freelancers, universities, non-profits and agencies, which updated up to 10 sites or more than 30. So, all of them automated their update processes in part or even fully. Some users enabled Drop Guard to apply the Highly critical update directly to the live (or production) environment without a QA loop through several test options. In this case, security beat functionality.
A lot of users also benefited from using Drop Guard in part, so Drop Guard detected the update, initiates the update process and applied the updates to the stage branch (or also feature or update branch, depending on the preferences of a user) - or detected the patches which needs to be checked in detail so customized modules won’t get lost without permissions of the development team.
10% of the tasks which Drop Guard created to apply the updates, failed the test or showed an error status, so a human interaction was needed.
Our developers informed us that Drop Guard did not need more than 1h and 50-55 minutes from update release to performing the last task. Usually, an update takes not more than 5 minutes, but complicated by the difficulties of the reachability of Drupal.org, Drop Guard had to wait as well for the information.
I enjoyed to receive customer feedback like:
PSA-2018-001 - went to bed and 12 hours later every project was up to date.
The Bad - what we will improve for you
We also faced some difficulties with Drop Guard. These were mainly configuration issues, which weren't clear in the UI - so we need to optimize the error handling within the interface to make the process more transparent.
Other users faced incompatibilities with their (customized) code and Drop Guard’s checkup - they couldn’t apply the update easily without deciding whether to use Drop Guard’s suggested updated code or to keep their customized modules.
All customers complimented our quick support where issues and questions got solved directly. You can always join our Drop Guard slack support channel and get in touch with us.
And the Ugly - your feedback to make Drop Guard even smoother
Drop Guard’s performance was literally described as “a Swiss watch” - but the tool displayed some confusing information as well: it pretended to update to 8.5.x but actually did it to 8.3.x. For example - teething problems we will knock out.
It was also annoying that the project overview and configuration page loaded slow, as a lot of users accessed them at once.
One user pointed out, that it would be calming and more efficient if Drop Guard would update a project’s modules by priority / urgency - oh yes! That’s something we will improve as well to guarantee an intelligent approach.
Drop Guard showed again that it can cope with Highly Critical Drupal Core updates. All in all we are very proud of the performance and especially thankful for the great feedback, the critical review and the smart feature suggestions. We can’t wait to accomplish the next optimizations based on your feedback to make Drop Guard even more valuable for our users.
If you want to add your feedback, we’ll still look forward to hear about your SA-CORE-2018-002 experience in this 3-minutes-survey.
Do you want to read more about the latest #drupalgeddon candidate? Read about the processes & preparations of other agencies in Best of - Update marathon 2018.