The Drupal Association and the Security have discussed off and on how to improve the security of Contrib and the effectiveness of our update mechanism. And you are right that we are considering changes to how modules without stable releases are listed on drupal.org. We also discussed how update module should handle them. You can bet that any changes we make will further marginalize these modules, since they operate outside of update module which is a very bad thing.

On Feb 18, 2008 11:56 AM, Xavier Bestel <xavier.bestel@free.fr> wrote:
On Mon, 2008-02-18 at 08:49 -0800, Earl Miles wrote:
Ashraf Amayreh wrote:
Sometimes I think this should become a requirement rather than something optional, all current dev releases could be promoted to a first release and new dev releases banned.
No, because during active development it is really convenient to have the -dev releases available.
I agree that it is inconvenient that sloppy module maintainers do not create releases. However, this is my philosophy:
If the maintainer of the module is sloppy enough as to not be able to provide proper releases, despite the existence of a good release mechanism, then I have little reason to trust that module developer's code.
i.e., I think people simply should not use these modules.
But then, these modules should be filtered out of the modules list on drupal.org, unless one ticks an "include unreleased modules" checkbox. That would help greatly in building a module set.
Xav