How to effectively maintain and release your Drupal contributions

SESSION OVERVIEW
The creator and maintainer of Drupal’s release management infrastructure will explain the system, provide tips and tricks for safe and happy contributing, and answer any lingering questions or doubts about the process.

AGENDA

While the core Drupal framework is a fantastic piece of software, just about everyone who has ever tried to build a site realizes that you almost always have to use some of the contributed add-on modules or themes. One of the great things about Drupal is the huge community of developers sharing their code and maintaining these additional contributions that make Drupal function in a wide variety of settings.

Unfortunately, not all modules and themes are created (or maintained) equally. Some are written by very skilled developers who provide updated releases with the utmost care. Others are poorly written, potentially full of security holes, and new releases happen haphazardly (if at all).

This session will help Drupal contributors (current and future) understand some of the ways to be a more responsible and careful maintainer of their contributions, without necessarily spending more time and energy on it. This will include topics such as:

• What’s The Right Way(tm) to manage releases of your contribution?
  • Stable (bug-fix-only) releases vs. new feature development.
  • How official releases interact with the Update status module (now part of Drupal core for 6.x and beyond).
  • How should you decide when to make a new official release?
• Strategies for using CVS effectively.
  • Dealing with branches and tags.
  • What should you use the “HEAD” branch for?
  • Merging changes and backporting fixes.
• Dealing with security issues in your contribution:
  • Brief introduction to writing secure code (and where to learn more about it).
  • How to deal with a security issue that you discover.
  • How to handle a security problem reported to you from someone else.
  • How to interact with the Drupal Security Team to resolve the problem, create new releases, and publish a security announcement (SA).
• Why good documentation is so important (and saves you time in the long run).
• How to operate your issue queues.

There will hopefully be lots of time for questions and discussion, so if you have specific examples or scenarios to discuss, please bring them to share with the other participants.

GOALS
By the end of this session, you will feel confident managing releases for your Drupal contributions, any confusion or uncertainty will be gone, and you’ll better understand how to use all the tools that drupal.org provides to keep you and the users of your contributions happy and effective.

RESOURCES
While not required, attendees might find the following additional resources useful:

• http://drupal.org/handbook/cvs
• http://drupal.org/handbook/cvs/releases
• http://drupal.org/handbook/cvs/quickstart
• My informal take on using the new release system (post by Earl Miles a.k.a. merlinofchaos).
• Lullabot Podcast #28: Derek Wright and the Drupal Release System
• How to Develop and Maintain your Drupal Contribution, the talk I gave at BADCamp 2007 (the Bay Area Drupal Camp), including the audio transcript of the talk.