This site is archived.

How to effectively maintain and release your Drupal contributions

Platinum and gold sponsors

dww's picture
dww - Fri, 01/18/2008 - 6:53pm
Derek Wright
community and core
Proceedings Have Been Posted: 
Proceedings Have Been Posted
Session Description: 

The creator and maintainer of Drupal’s release management infrastructure will explain the system, provide tips and tricks for safe and happy contributing, and answer any lingering questions or doubts about the process.


While the core Drupal framework is a fantastic piece of software, just about everyone who has ever tried to build a site realizes that you almost always have to use some of the contributed add-on modules or themes. One of the great things about Drupal is the huge community of developers sharing their code and maintaining these additional contributions that make Drupal function in a wide variety of settings.

Unfortunately, not all modules and themes are created (or maintained) equally. Some are written by very skilled developers who provide updated releases with the utmost care. Others are poorly written, potentially full of security holes, and new releases happen haphazardly (if at all).

This session will help Drupal contributors (current and future) understand some of the ways to be a more responsible and careful maintainer of their contributions, without necessarily spending more time and energy on it. This will include topics such as:

  • What’s The Right Way(tm) to manage releases of your contribution?
    • Stable (bug-fix-only) releases vs. new feature development.
    • How official releases interact with the Update status module (now part of Drupal core for 6.x and beyond).
    • How should you decide when to make a new official release?
  • Strategies for using CVS effectively.
    • Dealing with branches and tags.
    • What should you use the “HEAD” branch for?
    • Merging changes and backporting fixes.
  • Dealing with security issues in your contribution:
    • Brief introduction to writing secure code (and where to learn more about it).
    • How to deal with a security issue that you discover.
    • How to handle a security problem reported to you from someone else.
    • How to interact with the Drupal Security Team to resolve the problem, create new releases, and publish a security announcement (SA).
  • Why good documentation is so important (and saves you time in the long run).
  • How to operate your issue queues.

There will hopefully be lots of time for questions and discussion, so if you have specific examples or scenarios to discuss, please bring them to share with the other participants.

By the end of this session, you will feel confident managing releases for your Drupal contributions, any confusion or uncertainty will be gone, and you’ll better understand how to use all the tools that provides to keep you and the users of your contributions happy and effective.

While not required, attendees might find the following additional resources useful:

Session start time: 
03/05/2008 - 3:30pm - 03/05/2008 - 4:30pm
Average: 4.8 (23 votes)
maintain-release-handout.pdf149.89 KB