- 🇺🇸United States drumm NY, US
As of #3266927: End Install Profile Packaging on Drupal.org in August 2023 → , we are no longer packaging distributions which will contain insecure code in the long run.
As pointed out by webchick at #2137095-44: Should supported releases be shown on downloads table even if it contains insecure modules? If so, how? → it's not obvious to end users what to do in the case that the latest release of a given distribution contains insecure code. #2152549: Regression: restore color-coding for update status on packaged release nodes → would certainly help, but that's not the whole story. Quoting Angie:
But just to point out that it's not just the lack of colouring, it's also the total lack of direction on the release notes page that's the problem.
- I'm directed to release notes which don't actually say anything about security. That's in a table far below.
- In said table, I can't easily see what's secure/what's not (will be fixed by #2152549: Regression: restore color-coding for update status on packaged release nodes )
- When I see what's insecure, there's absolutely no direction on what to do about it. What is secure? How do I get those things into the distro I'm downloading?...all of that is on the available updates page. Maybe the follow-up, rather than wording tweaking, should instead be to make that table more useful a la the available updates page then?
Some possible ideas:
<div class="warning"> if it's not-secure). This warning could link to a handbook page about the situation (instead of trying to write a Wall Of Text(tm) there).Closed: outdated
2.0
Packages
As of #3266927: End Install Profile Packaging on Drupal.org in August 2023 → , we are no longer packaging distributions which will contain insecure code in the long run.