[development] Fwd: [SECURITY] [DSA 1125-1] New drupal packages
fix execution of arbitrary web script code
Earl Miles
merlin at logrus.com
Fri Jul 28 02:56:17 UTC 2006
Adrian Rossouw wrote:
> We also need to tackle individual module versioning. Each and every
> time a drupal.org module
> distribution package gets updated with any change whatsoever, a new
> version needs to be created.
Dear god no. Developers need to be able to control the version numbers
and stack releases. That's why there are dev (called 'nightly' in so
many projects) builds and when devs are happy with it, they pull a
release. I've never heard of a decent system that just forces automatic
releases on you.
After how, how do release notes get written? How do you standardize an API?
Does Drupal Core work that way? Absolutely not, and if it did, everyone
would hate it. Ew.
Contrib isn't second class.
More information about the development
mailing list