hello all. 1st, once drupal 4.7 becomes a reality, will version 4.65 still be supported? and for how long? what is the policy. 2nd, I see that drupal already is a powerful platform and has been maintained for long, yet, I must say I don't like the attitude of some of the core developers "if you don't like it, creat it" or something of the sort. I am saying this because, we drupal users deserve to get basic functionality available in drupal, like a web-link directory, a more secure guestbook, a faq, etc. not all of us know how to code modules. 3d, is there a way we could make the registration to drupal based sites more secure, mainly by making users have to activate their accounts via email, like most other cms? please, don't say captcha. thanks in advance. mohammed.
On Sunday 12 March 2006 08:56, Mohammed al-shar' wrote:
hello all. 1st, once drupal 4.7 becomes a reality, will version 4.65 still be supported? and for how long? what is the policy.
Current policy is that a release is given legacy support for one release. That is, 4.5.x is supported now and will be until 4.7 is released, 4.6 is the current stable and will be supported until 4.8 is released, 4.7 will soon be stable and will be supported until 4.9 is released, etc. (Of course, we could skip numbers, but you get the idea.) "Supported" in this case means "gets security patches periodically". 4.7 is also going to get non-breaking-things bug fixes too, if I recall its release maintainer correctly.
2nd, I see that drupal already is a powerful platform and has been maintained for long, yet, I must say I don't like the attitude of some of the core developers "if you don't like it, creat it" or something of the sort. I am saying this because, we drupal users deserve to get basic functionality available in drupal, like a web-link directory, a more secure guestbook, a faq, etc. not all of us know how to code modules.
There's nothing Drupal specific about that. Any volunteer-based open source project has the same statement: "We write what we feel like, or what someone pays us to write." No developer owes you something unless you've given or agreed to give him something in return; that could be money, could be time spent reviewing patches, could be time spent writing documentation, could be time spent answering questions on the forums... There's lots of ways you can do a tit-for-tat with open source developers, but very few will give you a tit without getting some tat in return.
Talking about how you "deserve" their time and energy without offering something in return for it is a sure-fire way to get them upset and make them not want to do anything you ask for.
That's still more than you get with any proprietary program, where "give us money and maybe we'll think about it if the marketing execs decide to" is the only option.
3d, is there a way we could make the registration to drupal based sites more secure, mainly by making users have to activate their accounts via email, like most other cms? please, don't say captcha. thanks in advance. mohammed.
Users already have to go to their email to get their initial password. If you want more restrictive accounts, you can set Drupal to require admin approval of new accounts before they become "real". Is that sufficient?
(If you're trying to avoid spambots, then a "click here to activate your account" link in an email is no more secure than emailing the password in the email. Both are easily scrapable by a bot that can then use either one to fake its way in.)
larry, thanks for answering. I do think some clerification is needed: in my second point I didn't mean to sound that firy, and I don't think anyone would get here if he / she doesn't already understand the spirit of open source software. I was trying to make the point, that unlike other open source cms, drupal isn't so much focused in intigrating some basic modules in the distribution. how can you explain this policy? may be you core developers have some inlightening thoughts. in what ways does drupal try to be different from other cms systems? I am just seeking knowledge, no fights are needed. I already use drupal alot and is a big fan, and so no flaming is meant. as for registration, well, I already know that, but the trouble is that many users would register and never come back to the sight, but their accounts would still be active. I saw a module specific for 4.7 which automatically band users who exceeds some set time. I am still using 4.65 and I think I'd stick to it until somebody voulenteers to make goofy a php templet theme. again, thanks for taking the time to answer. regards, mohammed. ----- Original Message ----- From: Larry Garfield To: support@drupal.org Sent: Sunday, March 12, 2006 11:22 PM Subject: Re: [support] questions
On Sunday 12 March 2006 08:56, Mohammed al-shar' wrote:
hello all.
1st, once drupal 4.7 becomes a reality, will version 4.65 still be
supported? and for how long? what is the policy.
Current policy is that a release is given legacy support for one release. That is, 4.5.x is supported now and will be until 4.7 is released, 4.6 is the current stable and will be supported until 4.8 is released, 4.7 will soon be stable and will be supported until 4.9 is released, etc. (Of course, we could skip numbers, but you get the idea.) "Supported" in this case means "gets security patches periodically". 4.7 is also going to get non-breaking-things bug fixes too, if I recall its release maintainer correctly.
2nd, I see that drupal
already is a powerful platform and has been maintained for long, yet, I
must say I don't like the attitude of some of the core developers "if you
don't like it, creat it" or something of the sort. I am saying this
because, we drupal users deserve to get basic functionality available in
drupal, like a web-link directory, a more secure guestbook, a faq, etc. not
all of us know how to code modules.
There's nothing Drupal specific about that. Any volunteer-based open source project has the same statement: "We write what we feel like, or what someone pays us to write." No developer owes you something unless you've given or agreed to give him something in return; that could be money, could be time spent reviewing patches, could be time spent writing documentation, could be time spent answering questions on the forums... There's lots of ways you can do a tit-for-tat with open source developers, but very few will give you a tit without getting some tat in return.
Talking about how you "deserve" their time and energy without offering something in return for it is a sure-fire way to get them upset and make them not want to do anything you ask for.
That's still more than you get with any proprietary program, where "give us money and maybe we'll think about it if the marketing execs decide to" is the only option.
3d, is there a way we could make the
registration to drupal based sites more secure, mainly by making users have
to activate their accounts via email, like most other cms? please, don't
say captcha. thanks in advance.
mohammed.
Users already have to go to their email to get their initial password. If you want more restrictive accounts, you can set Drupal to require admin approval of new accounts before they become "real". Is that sufficient?
(If you're trying to avoid spambots, then a "click here to activate your account" link in an email is no more secure than emailing the password in the email. Both are easily scrapable by a bot that can then use either one to fake its way in.)
--
Larry Garfield AIM: LOLG42
larry@garfieldtech.com ICQ: 6817012
"If nature has made any one thing less susceptible than all others of exclusive property, it is the action of the thinking power called an idea, which an individual may exclusively possess as long as he keeps it to himself; but the moment it is divulged, it forces itself into the possession of every one, and the receiver cannot dispossess himself of it." -- Thomas Jefferson
------------------------------------------------------------------------------
-- [ Drupal support list | http://lists.drupal.org/ ]
On Sunday 12 March 2006 16:06, Mohammed al-shar' wrote:
larry, thanks for answering. I do think some clerification is needed: in my second point I didn't mean to sound that firy, and I don't think anyone would get here if he / she doesn't already understand the spirit of open source software. I was trying to make the point, that unlike other open source cms, drupal isn't so much focused in intigrating some basic modules in the distribution. how can you explain this policy? may be you core developers have some inlightening thoughts. in what ways does drupal try to be different from other cms systems? I am just seeking knowledge, no fights are needed. I already use drupal alot and is a big fan, and so no flaming is meant.
It's a question that we've been getting more and more as Drupal has exploded in popularity in the past year, so a lot of people have gotten sensitive to it. :-) Lots of people "get here" without understanding the first thing about open source development.
Also, I should clarify that I'm not a major core developer. I work on core at times and have gotten some code in, but I'm very much one of the "little people" at this point.
That said, Drupal isn't a CMS in the sense of something like Mambo. It's not, nor is it designed to be, a fully-polished drop-in-and-go glitzy CMS. Drupal is sort of half CMS, half application framework. A LOT of work goes into the underlying technology and plumbing that enables higher-level stuff to be done by contrib modules rather than actually building those contrib modules. That's left for the next layer up of developers and users. There are one or two Drupal offshoots like CivicSpace that do ship a more "polished" version of Drupal. Think Debian vs. Ubuntu. :-)
As for the current list of what's in core, I couldn't tell you the specific reasoning behind them as that's before my time. I do know that the direction people seem to want to push is to have *fewer* modules in core by default, but make it easier to install contrib modules. That allows for much leaner, customized installs tailored to the needs of an individual site.
Drupal's "big people" have also had a backward-compatibility policy of "Backward what?" Rather than make 4.7 compatible with 4.6 modules, 4.7 is the best that 4.7 can be and then includes well-honed scripts (still being honed <g>) to upgrade a 4.6 site to 4.7. Modules can then be upgraded when their developers get to it, but they have to get to it. There are pros and cons to that attitude, a discussion I am not going to get into at the moment. :-)
as for registration, well, I already know that, but the trouble is that many users would register and never come back to the sight, but their accounts would still be active. I saw a module specific for 4.7 which automatically band users who exceeds some set time. I am still using 4.65 and I think I'd stick to it until somebody voulenteers to make goofy a php templet theme. again, thanks for taking the time to answer. regards,
I couldn't tell you about goofy. One probably could make a similar module for 4.6 without a great deal of difficulty, although I've not looked into it in depth. If that modules does what you need, my guess is it could be back ported without an enormous hassle. That's something you'd have to ask its developer about, who may or may not be interested in doing so himself.
Hello, Mohammed,
The following answers reflect my understanding of how Drupal works. Really, the only person capable of specifically defining policy is Dries. But hey, I could be wrong about that too :)
RE 1: The current practice is the current released version, plus security updates for the past version. So, when 4.7 is released, 4.6.5 will still be supported, and 4.5.x will no longer be supported.
RE 2: This is very much my opinion. Within the Drupal community, users have the right to suggest, but not the right to demand. Drupal is a great CMS precisely because of the development work that goes/has gone into developing and maintaining core. Users don't have the right to demand that a developer's volunteered hours be spent fixing/creating feature "x". If an end user feels strongly enough, they can hire a developer to code the feature they want, or even organize a bounty to help fund the development. Because Drupal is so good, it's easy to overlook that it has been created -- and continues to be developed -- largely through unpaid volunteer hours.
RE 3: This is currently how Drupal works. The default account creation involves a user signing up, receiving an email with their initial password. They can only sign in with the password they received via email. The logintobbogan module allows you to bypass that, but the default account creation requires a user to verify their registration via email.
To re-emphasize, my answers here reflect my understanding of the process within Drupal. The way it actually *is* could be very different.
Bill
Mohammed al-shar' wrote:
hello all. 1st, once drupal 4.7 becomes a reality, will version 4.65 still be supported? and for how long? what is the policy. 2nd, I see that drupal already is a powerful platform and has been maintained for long, yet, I must say I don't like the attitude of some of the core developers "if you don't like it, creat it" or something of the sort. I am saying this because, we drupal users deserve to get basic functionality available in drupal, like a web-link directory, a more secure guestbook, a faq, etc. not all of us know how to code modules. 3d, is there a way we could make the registration to drupal based sites more secure, mainly by making users have to activate their accounts via email, like most other cms? please, don't say captcha. thanks in advance. mohammed.
------ http://www.funnymonkey.com Tools for Teachers