Hey guys, have you already thought about to provide a minimal b2c installation/setup with only the n

UK7KBE2JW

Hey guys, have you already thought about to provide a minimal b2c installation/setup with only the needed base functionality without the complete bunch of overhead? Another question is, have you already thought about to inform your customers about security fixes before you inform the world via newsletter?

UKHD8KTMF

How minimum is minimum? What is overhead?

UKHD8KTMF

You can subscribe to security updates here: https://documentation.spryker.com/docs/security-updates

UK7KBE2JW

Minimum like only needed packages for minimal shop experience or minimal shop skeleton. For example products without all the extra stuff, checkout and needed stuff like kernel, elastic, scheduler etc. and something like I can do require glue or require yves. I think its easier to add or require a package instead of going through the whole composer.json and drop every unnecessary package

UKHD8KTMF

Technically speaking minimum is the kernel module. It would be nice to have a tool where you could pick functionalities that you want and have and have composer file generated, but that does not exist at the moment.

UK7KBE2JW

I am already on the security update mailer, thats why I ask. Because everyone who is interested can subscribe too. So if you tell everyone about security issues at the same time its not easy to update in time. You know your Customer who pay for the Spryker OS so you could inform them some days/weeks before

UK7KBE2JW

yeah with tool sounds nice too

UKHD8KTMF

We inform know customers first as far as I know.

UKHD8KTMF

In terms of what is minimum spryker shop it is super hard to determine. Just take product as an example -> it can have picture or not, it might need a stock or not it might require super attributes or not , might not need prices art all etc. It really depends on the project.

UK7KBE2JW

Hmm ok, as I know we get those infos only via the security newsletter. Most of those fixes are not that easy/fast to implement/update since we have much customization we also have to update/test with new spryker package versions

UK7KBE2JW

Yeah minimal setup is something to define first. everything is needed to list and sell products with prices, pictures, stocks, variants, etc. and things like bundle, measurement units, packaging units etc. to install as an option.

Valerii Trots

you could inform them some days/weeks before

Thanks, I forwarded your feedback to our chief security officer and he agreed with this point. 👍

UK7KBE2JW

great, thx

U018XELUZS9

Regarding "What is minimal": I once worked on a project without a card and a checkout

Christian von Schassen

Hi Julian, I just want to confirm: It's a good suggestion to inform Spryker customers of security fixes first before informing the rest of the world about it. This is exactly what the security mailing list is for. We screen every registration and allow customer and partner emails only. All other registrants will get removed. That way we make sure to inform our legit users first and give them time to incoprporate the security fix. Hope that helps!

UK7KBE2JW

Hi Christian, ok, this sounds nice, thank you for the feedback