[development] Here is how you can get 4.5 security patches

Larry Garfield larry at garfieldtech.com
Sun May 28 03:28:38 UTC 2006

I am not demanding that you support 4.5 forever.  I don't think I've ever 
demanded anything on this list, although I will sometimes suggest 
forcefully. :-)  4.5 itself is actually quite useless to me, as I first 
started using Drupal in the early 4.6 days and have never had a running 4.5 

I don't expect Drupal to provide support or patches for too-old releases.  
That wouldn't make sense.  At the same time, though, the revisionist history 
of expunging them from the web site is just as bad.  Lisa pointed out some 
practical cases where someone may still need access to an older version.  If 
they're already there on the site, don't remove them.  Flag them as "legacy, 
unmaintained, and insecure.  Don't use or you're dumb" instead.  

I'm referring mostly to older modules.  If someone already has a 4.5 site 
running, and want to add a 4.5 module to it that used to be available, why 
make it harder for him to get it now?  Just to make a point?

The other key point I am making is that "you can get it from CVS" is, for 98% 
of the computer using world, exactly synonymous with "no, we won't let you 
have it, ha ha!"  While almost anyone on this list either knows how to check 
out an older branch from CVS or can figure it out from the web site fairly 
easily, the same cannot necessarily be said for the majority of people 
running those 60,000 Drupal sites (or whatever the current number is).  
Saying "you can get it from CVS" to someone means saying "you're not 1337 
enough".  That's something you really don't want to say.

On Saturday 27 May 2006 14:07, Karoly Negyesi wrote:
> Hi,
> I am shocked by the demands to support 4.5. Do not forget that you are not
> paying Drupal developers to do anything. You are not my boss. Nor anyone
> else's. On what base do you demand? On the amount of contribution you made
> to Drupal over time? I have yet to see any such contributor (note: I said
> contributor, not coder.) who demands this.
> Therefore, the solution is very simple: if you are running 4.5 and do not
> want to update, find others in the same situation and hire an able coder
> who will provide the security patches for you. We will consider adding
> said person to the security team and some guidance will be providded, but
> please do not expect too much from our side.
> Case closed.
> Kind regards,
> Karoly Negyesi
> Ps. While I sometimes work for money, do not consider me. The less 4.5
> code I need to touch, the better for me. Money won't change this.

Larry Garfield			AIM: LOLG42
larry at garfieldtech.com		ICQ: 6817012

"If nature has made any one thing less susceptible than all others of 
exclusive property, it is the action of the thinking power called an idea, 
which an individual may exclusively possess as long as he keeps it to 
himself; but the moment it is divulged, it forces itself into the possession 
of every one, and the receiver cannot dispossess himself of it."  -- Thomas 

More information about the development mailing list