Ivan Sergio Borgonovo wrote:
Since I will need a longer life cycle... I know I'll have to support security patches for at least one more older release starting from 5.X.
Thank you for the offer. Openflows is doing something similar for Drupal 4.7 core.
I could start to take care of this in a *very* informal way. That means that I'll make aware people that they CAN'T relay on this service and see how it goes.
If people cannot rely on this service, how can they make the choice to skip upgrading for two releases?
What I know I won't be able to handle is assisting in fixing security problems in older modules or providing a full tar of an older patched version or manage DB update path.
Whether a burglar comes trough the door (core) or the window (contrib) doesn't matter much; you still loose your toys. This is why the sec team also started doing security announcements for contributed modules. In exchange for continuing support for 5.x what needs to happen (at least): - Dropping security support for all alpha, beta and dev releases. - Buy-in from the rest of the team. Regards, Heine