Folks, we are not making a point. It is bad. Very very bad to keep insecure stuff out there. It is very bad from the site admins and their data's security and site viability. I do not want people suffering the shock of the loss of their site because they relied on unsecure stuff. Did no one read my not a developer point of hard earned experience? Has no one wanted to take me up on my offer!? I OFFERED a solution. Instead people want to discuss personalities and wordings of individuals. Please comment directly to MY points in my post! Do not ignore them because they disagree with yours and those experiences are those of a NON developer. For what it's worth. I have walked 9 people in the last year through getting older versions of Drupal from CVS on #drupal-support. 3 from Drupal 4.3, 1 from Drupal 4.2 and the rest Drupal 4.4 code base. It took approx 20 minutes on average per person. -sp
-----Original Message-----
From: development-bounces@drupal.org [mailto:development-bounces@drupal.org] On Behalf Of Larry Garfield
Sent: Saturday, May 27, 2006 8:29 PM
To: development@drupal.org
Subject: Re: [development] Here is how you can get 4.5 security patches
I am not demanding that you support 4.5 forever. I don't think I've ever demanded anything on this list, although I will sometimes suggest forcefully. :-) 4.5 itself is actually quite useless to me, as I first started using Drupal in the early 4.6 days and have never had a running 4.5 install.
I don't expect Drupal to provide support or patches for too-old releases. That wouldn't make sense. At the same time, though, the revisionist history of expunging them from the web site is just as bad. Lisa pointed out some practical cases where someone may still need access to an older version. If they're already there on the site, don't remove them. Flag them as "legacy, unmaintained, and insecure. Don't use or you're dumb" instead.
I'm referring mostly to older modules. If someone already has a 4.5 site running, and wants to add a 4.5 module to it that used to be available, why make it harder for him to get it now? Just to make a point?
The other key point I am making is that "you can get it from CVS" is, for 98% of the computer using world, exactly synonymous with "no, we won't let you have it, ha ha!" While almost anyone on this list either knows how to check out an older branch from CVS or can figure it out from the web site fairly easily, the same cannot necessarily be said for the majority of people running those 60,000 Drupal sites (or whatever the current number is). Saying "you can get it from CVS" to someone means saying "you're not 1337 enough". That's something you really don't want to say.
On Saturday 27 May 2006 14:07, Karoly Negyesi wrote:
Hi,
I am shocked by the demands to support 4.5. Do not forget that you are not paying Drupal developers to do anything. You are not my boss. Nor anyone else's. On what base do you demand? On the amount of contribution you made to Drupal over time? I have yet to see any such contributor (note: I said contributor, not coder.) who demands this.
Therefore, the solution is very simple: if you are running 4.5 and do not want to update, find others in the same situation and hire an able coder who will provide the security patches for you. We will consider adding said person to the security team and some guidance will be provided, but please do not expect too much from our side.
Case closed.
Kind regards,
Karoly Negyesi
Ps. While I sometimes work for money, do not consider me. The less 4.5 code I need to touch, the better for me. Money won't change this.
-- Larry Garfield AIM: LOLG42 larry@garfieldtech.com ICQ: 6817012
"If nature has made any one thing less susceptible than all others of exclusive property, it is the action of the thinking power called an idea, which an individual may exclusively possess as long as he keeps it to himself; but the moment it is divulged, it forces itself into the possession of every one, and the receiver cannot dispossess himself of it." -- Thomas Jefferson