On 10/21/07, Gerhard Killesreiter <gerhard@killesreiter.de> wrote:
Hi there,
the update status module has introduced a new mechanism for updating everybody's Drupal site. It tells you when a new version becomes available and warns you when you don't install security releases.
One issue that has so far not been addressed is: What happens if a module has two branches and there is a security release for one of them?
It actually has been addressed. Enhancing update status to handle this case has been discussed and "won't fixed" here: http://drupal.org/node/184814
This situation existed with the pathauto module. It has a 5.1 release and a 5.2 development branch with a beta release. There was a security issue found on the 5.2 branch and a security release was created for it. Unfortunately, since the 5.2 branch was made the default branch, every 5.1 user got told to upgrade to the beta release.
This is confusing for less tech savvy users since a beta release is usually perceived to be unstable (even though Greg tells me the 5.1 release is actually quite buggy too).
So, what I am asking for is this: Can we agree that in the absence of a "real" release, a branch should not be made the default branch?
I believe the rest of the discussion stems from Gerhard's feeling that the "official release" of Pathauto was too buggy. My apologies to anyone else who also feels that way. I've changed it back so the official release is from the (differently-buggy) 5.x-1.x branch. In general, I don't have a strong feeling about whether or not certain strings like 'beta' in the "official release" should be allowed or prevented. Drupal project page itself does that, but it is a special case. Views did this for a while but I believe that Earl now regrets that. Greg -- Greg Knaddison Denver, CO | http://knaddison.com World Spanish Tour | http://wanderlusting.org/user/greg