"Greg Knaddison - GVS" wrote:
On 10/19/06, inkfree press <inkfree@gmail.com> wrote:
Any methods suggested for determining which modules will break is appreciated.
Well, in Heine's original message he linked to:
Converting...
Thanks. I suppose the word "Converting..." stopped me, since I am not a module developer. I did not think more closely that this would also provide a general overview for module users (i.e., site admins) (which it may...I'll read more closely now.)
I believe a list of affected modules is coming from the security team soon.
Good. That would really seem like information which should have been prepared before the release, and then submitted or posted along with the update.

I know this is the 'dev' list, and so converting modules and such is important for readers of this list. However, from a "user"/"administrator" point of view, "converting" modules is not on the radar. I would suggest "Updating and Converting..." instead of "Converting..." for future security releases.

If a security update will _break a site completely_ then it seems prudent to include that information _right away_ so that folks don't go all willy-nilly updating when it's not a priority or when the benefits are not greater than the breakage which might occur.

[It sounds, from the announcements, that the threat is so statistically impossible that it does not merit a 'Moderately critical' flag...which is a nonsensical phrase anyway. Something is either 'critical' or it is not, but it can not be "moderately critical". Perhaps it could be "moderately likely". Anyway, enough on this for this list. I digress.]

Thanks to the security team for keeping things safe. We all _really do_ appreciate the work and the effort. (My mild complaints or observations about the announcement do not discount this work or the appreciation.)

I did (just now) subscribe to the security announcement list, so that if I have any comments I can make them in a more appropriate place.

I do not think I will apply this update to any of our Drupal 4.7.3 sites, since my understanding from the announcement is that the actual convergence of events needed to make any exploit is statistically unlikely...or at least so negligible as to not be worth the breakage which has been foretold.

Thanks, Greg, for pointing me to some early reading.

-- inkfree