[development] Fwd: [SECURITY] [DSA 1125-1] New drupal packages fix execution of arbitrary web script code

Earl Miles merlin at logrus.com
Fri Jul 28 02:56:17 UTC 2006

Adrian Rossouw wrote:
> We also need to tackle individual module versioning. Each and every  
> time a drupal.org module
> distribution package gets updated with any change whatsoever, a new  
> version needs to be created.

Dear god no. Developers need to be able to control the version numbers 
and stack releases. That's why there are dev (called 'nightly' in so 
many projects) builds and when devs are happy with it, they pull a 
release. I've never heard of a decent system that just forces automatic 
releases on you.

After how, how do release notes get written? How do you standardize an API?

Does Drupal Core work that way? Absolutely not, and if it did, everyone 
would hate it. Ew.

Contrib isn't second class.

More information about the development mailing list