Maybe we should take the Ubuntu LTS approach, beginning with D5. -----Original Message----- From: "Moshe Weitzman" <weitzman@tejasa.com> Date: Mon, 28 Apr 2008 11:35:10 To:development@drupal.org Subject: Re: [development] RFC: drupal as a moving target So, now we are getting down to specifics which is good. The official security team policy is that we support the current release and the prior one. If we want to add a release to that list, then we need to think of a way to fund it. The volunteer fire dept approach of security team cannot possibly accept more work as it currently stands. We already review patches and issue advisories for hundreds of contrib modules on top of drupal core. IMO, It is time to fund the position of "Security Team lead". That person can then focus on optimizing the volunteers and can then decide if supporting another version is feasible. If anyone wants to fund this position, or donate their employees' time toward this, then please talk to the Drupal Association. We dont' really need more volunteers on the team IMO- coordination costs start to overwhelm the benefits.
It's been mentioned a couple of times on irc, so I can't take credit for the idea, but would it be worth discussing an extension of support for older core versions? To play devils advocate this would mean maintaining 5.x until 8.x is released (or 6.x until 9.x etc.), even if only for security. Obviously contrib support for older (and newer) versions of core remains entirely optional per maintainer/project.