Drupal 6 End-of-Life: What happened? What can we learn for the future?


The Drupal project has a long tradition of only supporting the two most recent, stable versions of core (currently that Drupal 7 & 8).

It was on February 24th, 2016 that support for Drupal 6 was officially dropped (including support from the Drupal Security Team).

There were a number of unprecedented things about Drupal 6's End-of-Life (EOL):

  1. People actually, like, cared! When Drupal 5 (and earlier versions) were End-of-Lifed, no one made a peep. However, when Drupal 8's release was getting close (which meant Drupal 6's EOL was coming as well) a number of people in the community got quite upset at the "sudden" loss of support.
  2. The EOL was postponed three months. Due to #1, for the first time, the Drupal Security Team supported three versions of Drupal (6, 7, & 8) at once.
  3. Official Long-Term Support vendors were selected to continue security support after EOL. The Drupal Security Team sent out a call for applications by vendors to become official Drupal 6 LTS vendors, and ultimately, three vendors were selected: Acquia, Tag 1, and myDropWizard (a company I co-founded).

As both a member the Drupal Security Team and a representative of one of the Drupal 6 LTS vendors, I'd like to lead a conversation to discuss the following questions:

  • Did we do the right thing extending support for Drupal 6 by three months?
  • How has security support for Drupal 6 gone after the EOL?
  • Was selecting Drupal 6 LTS vendors the right thing to do, ie. did it solve the desire in the community to support Drupal 6 for longer?
  • How can we do better next time, ie. when Drupal 7 reaches it's EOL in 2-3 years time?

Come and join the discussion!

Session Track

Core Conversations

Experience Level


Drupal Version

When & Where

Tuesday, 25 April, 2017 - 17:00 to 18:00
318 - New Target