[development] Security releases and the update status module
gerhard at killesreiter.de
Sun Oct 21 11:54:33 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
the update status module has introduced a new mechanism for updating
everybody's Drupal site. It tells you when a new version becomes
available and warns you when you don't install security releases.
One issue that has so far not been addressed is: What happens if a
module has two branches and there is a security release for one of
This situation existed with the pathauto module. It has a 5.1 release
and a 5.2 development branch with a beta release. There was a security
issue found on the 5.2 branch and a security release was created for
it. Unfortunately, since the 5.2 branch was made the default branch,
every 5.1 user got told to upgrade to the beta release.
This is confusing for less tech savvy users since a beta release is
usually perceived to be unstable (even though Greg tells me the 5.1
release is actually quite buggy too).
So, what I am asking for is this: Can we agree that in the absence of
a "real" release, a branch should not be made the default branch?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the development