[development] Here is how you can get 4.5 security patches

Laura Scott laura at pingv.com
Sun May 28 01:44:24 UTC 2006

I would like to add my +1 for Liza's perspective in this discussion.  
I'm a big believer in providing context, rather than censoring or  
restricting availability. A simple archives area with older releases  
seems like an easy way to move them off the active table, while not  
burying them under arcane and splintered cvs repositories. This is  
standard practice for many FOSS projects out there, and hardly an  
extraordinary request. (I can imagine the guy who "wakes up" one day,  
deciding to upgrade Drupal 4.3 and learning he needs to upgrade one  
major release at a time, but that those releases aren't available  
except in something called "cvs". While the Spreadfirefox lesson is  
hard-learned, there is something to be said for such passive  
provision for the clueless, sleepy or too-preoccupied site admins.) I  
don't believe the mere existence of tarballs implies support --  
especially if they're only available from a clearly marked page.


In the interest of being proactive, I also just added a handbook page  
that endeavors to make clear to n00bs considering Drupal that Drupal  
is about cutting edge, and that what enables Drupal to be as great as  
it is is the lack of marriage to backwards compatibility.

The page is here: http://drupal.org/node/65922 (Mentioned here as an  
FYI. I already noted it on the docs list.)

I think a lot of the angst expressed out in the field (not by Liza)  
about having to upgrade older releases could be avoided in the future  
by a simple and clear caveat emptor message in the handbook.


On May 27, 2006, at 7:05 PM, blogdiva at culturekitchen.com wrote:

> Karoly,
> I never demanded that you or any other developer to support 4.5. I  
> never even said you needed to support it.
> Let me clarify my comments : What I meant was, move it to an  
> archived area where people can see the whole history and  
> progression of Drupal. Keep it there with big blaring red letters  
> anyway so people can look at the structural aspects of it --and in  
> the event they need anything during an upgrade, at least have the  
> files available.
> These archives and this information is not for you or any of the  
> current developers. it's not just FOSS products that keep archival  
> reference to their product development. Many proprietary products  
> do so as well. This is for future users and coder and the community  
> in general to learn the product's history and development. Why do  
> you want to make it hard for people to get to this information?
> What I believe Drupal needs is to make it easy for the community to  
> take care of each other and the product. Steps are already in place  
> like the amazing strides people have taken with documentation. I  
> don't really expect you of all people to offer me any help people  
> to upgrade from 4.5.  But there may be others in the community who  
> would and will. So let it be.
> It is really important for developers like you to take a step back  
> and get out of the organic development of your product's community.  
> Your attitude is an obstacle in this natural progression and is not  
> good for Drupal's product development. It is certainly not good at  
> all for its reputation.
> / liza
> On  27.May.2006, at 03:07 PM, Karoly Negyesi wrote:
>> Hi,
>> I am shocked by the demands to support 4.5. Do not forget that you  
>> are not paying Drupal developers to do anything. You are not my  
>> boss. Nor anyone else's. On what base do you demand? On the amount  
>> of contribution you made to Drupal over time? I have yet to see  
>> any such contributor (note: I said contributor, not coder.) who  
>> demands this.
>> Therefore, the solution is very simple: if you are running 4.5 and  
>> do not want to update, find others in the same situation and hire  
>> an able coder who will provide the security patches for you. We  
>> will consider adding said person to the security team and some  
>> guidance will be providded, but please do not expect too much from  
>> our side.
>> Case closed.
>> Kind regards,
>> Karoly Negyesi
>> Ps. While I sometimes work for money, do not consider me. The less  
>> 4.5 code I need to touch, the better for me. Money won't change this.

More information about the development mailing list