Placeholder issue for any tasks related to Backdrop CMS for https://github.com/mbaynton/cms-autoupdate-design with task list to be eventually formed for any actionable things specific to us.

Everyone's opinion is welcomed, but we specifically seek opinions from the PMC members.

Respective/related issue in d.org: https://www.drupal.org/node/2367319 (efforts moved to contrib in https://www.drupal.org/project/automatic_updates)

  • [ ] #414: The automatic part
  • [x] #1911: Improve update experience
  • [ ] #1992: Include digital signatures on packages
  • [ ] #2024: Improve security of updates
  • [x] #2555: Move /profiles under /core/profiles
  • [x] #3105: Add ability to update Backdrop core via UI
  • [ ] #3208: Remove/deprecate authorize.php
  • [x] #3271: Expose the Backdrop core update via the UI by default
  • [ ] #3714: Installer should check digital signatures.
  • [x] #3008: Symlink to document root causing module update issues

June 2021 update

From the Drupal 9.2 release announcement blog post:

The Automated Updates Initiative has been very active in the repositories under https://github.com/php-tuf building a PHP implementation of The Update Framework (TUF) with Typo3 and Joomla developers to provide signing and verification for secure PHP application updates. Results will be included with later Drupal releases.

GitHub Link: 
https://github.com/backdrop/backdrop-issues/issues/2018
GitHub Issue #: 
2018