We dropped security support for Drupal 6 in February. What happened after that?
dsnopek
The Drupal project has a long tradition of only supporting the two most recent, stable versions of core (currently that Drupal 7 & 8).
It was on February 24th that support for Drupal 6 was officially dropped (including support from the Drupal Security Team).
There were a number of unprecedented things about Drupal 6's End-of-Life (EOL):
- People actually, like, cared! When Drupal 5 (and earlier versions) were End-of-Lifed, no one made a peep. However, when Drupal 8's release was getting close (which meant Drupal 6's EOL was coming as well) a number of people in the community got quite upset at the "sudden" loss of support.
- The EOL was postponed three months. Due to #1, for the first time, the Drupal Security Team supported three versions of Drupal (6, 7, & 8) at once.
- Official Long-Term Support vendors were selected to continue security support after EOL. The Drupal Security Team sent out a call for applications by vendors to become official Drupal 6 LTS vendors, and ultimately, three vendors were selected: Acquia, Tag 1, and myDropWizard (a company I co-founded).
As both a member the Drupal Security Team and a representative of one of the Drupal 6 LTS vendors, I'd like to lead a conversation to discuss the following questions:
- Did we do the right thing extending support for Drupal 6 by three months?
- How has security support for Drupal 6 gone after the EOL?
- Was selecting Drupal 6 LTS vendors the right thing to do, ie. did it solve the desire in the community to support Drupal 6 for longer?
- How can we do better next time, ie. when Drupal 7 reaches it's EOL in 2-3 years time?
Come and join the discussion!