Drupal Long Term Support - D6 and Beyond

The popularity of Drupal 6 combined with potentially difficult upgrade paths to Drupal 7 and 8 left many sites in a situation where backporting core and contrib security fixes was their best option after Drupal 6 went end of life. The Drupal Security Team selected three vendors to be responsible for releasing Drupal 6 patches by reviewing security issues as they are found for Drupal 7 and 8. This long term support ("LTS") has allowed many Drupal 6 sites to continue running for over a year since the D6 EOL.

This session will review the D6 LTS process and lessons learned since D6 was EOL'd. Additionally, we will look at options for dealing with Drupal 7 LTS, and LTS support of Drupal 8 point releases once they are no longer supported by the community.

Overview of Drupal 6 LTS

• Drupal Security Team selection process led to three approved vendors to provide D6 LTS support.
• Vendors collaborate with the Drupal Security Team to analyze potential security issues found in D7 and D8 core and contrib, and apply those to Drupal 6 as needed.
• Vendors post all released patches publicly at https://www.drupal.org/project/d6lts
• If a security issue is found in a D6 module there may not be a patch released if that module isn't in use by any clients of the approved vendors.

As part of a core conversation, we'd like to discuss details of D6 LTS and reflect on what lessons we can learn and how we, as a community, can apply those to the D7 EOL and to D8 and beyond.