[development] Slight API change in 4.6.10 and 4.7.4

inkfree press inkfree at gmail.com
Thu Oct 19 14:59:50 UTC 2006

"Greg Knaddison - GVS" wrote:

> On 10/19/06, inkfree press <inkfree at gmail.com> wrote:
>> Any methods suggested for determining which modules will break is
>> appreciated.
> Well, in Heine's original message he linked to:

>> Converting...

Thanks.  I suppose the word "Converting..." stopped me, since I am not a
module developer.  I did not think more closely that this would also provide
a general overview for module users (i.e., site admins)  (which it
may...I'll read more closely now.)

> I believe a list of affected modules is coming from the security team soon.


That would really seem like information which should have been prepared
before the release, and then submitted or posted along with the update.  I
know this is the 'dev' list, and so converting modules and such is important
for readers of this list.  However, from a "user"/"administrator" point of
view, "converting" modules is not on the radar.

I would suggest "Updating and Converting..." instead of "Converting..." for
future security releases.

If a security update will _break a site completely_ then it seems prudent to
include that information _right away_ so that folks don't go all willy-nilly
updating when it's not a priority or when the benefits are not greater than
the breakage which might occur.  [It sounds, from the announcements, that
the threat is so statistically impossible that it does not merit a
'Moderately critical' flag...which is a nonsensical phrase anyway.
Something is either 'critical' or it is not, but it can not be "moderately
critical".  Perhaps it could be "moderately likely". Anyway, enough on this
for this list. I digress.]

Thanks to the security team for keeping things safe.  We all _really do_
appreciate the work and the effort.  (My mild complaints or observations
about the announcement do not discount this work or the appreciation.)

I did (just now) subscribe to the security announcement list, so that if I
have any comments I can make them in a more appropriate place.

I do not think I will apply this update to any of our Drupal 4.7.3 sites,
since my understanding from the announcement is that the actual convergence
of events needed to make any exploit is statistically unlikely...or at least
so negligible as to not be worth the breakage which has been foretold.

Thanks, Greg, for pointing me to some early reading.

More information about the development mailing list