How to Develop and Maintain your Drupal Contribution
Session Description
While the core Drupal framework is a fantastic piece of software, just about everyone who has ever tried to build a site realizes that you almost always have to use some of the contributed add-on modules or themes. One of the great things about Drupal is the huge community of developers sharing their code and maintaining these additional contributions that make Drupal function in a wide variety of settings.
Unfortunately, not all modules and themes are created (or maintained) equally. Some are written by very skilled developers who provide updated releases with the utmost care. Others are poorly written, potentially full of security holes, and new releases happen haphazardly (if at all).
This session will help Drupal contributors (current and future) understand some of the ways to be a more responsible and careful maintainer of their contributions, without necessarily spending more time and energy on it. This will include topics such as:
- What’s The Right Way™ to manage releases of your contribution?
- Stable (bug-fix-only) releases vs. new feature development.
- How official releases interact with the Update status module (now part of Drupal core for 6.x and beyond).
- How should you decide when to make a new official release?
- Strategies for using CVS effectively.
- Dealing with branches and tags.
- What should you use the “HEAD” branch for?
- Merging changes and backporting fixes.
- Dealing with security issues in your contribution:
- Brief introduction to writing secure code (and where to learn more about it).
- How to deal with a security issue that you discover.
- How to handle a security problem reported to you from someone else.
- How to interact with the Drupal Security Team to resolve the problem, create new releases, and publish a security announcement (SA).
- Why good documentation is so important (and saves you time in the long run).
- How to operate your issue queues.
There will hopefully be lots of time for questions and discussion, so if you have specific examples or scenarios to discuss, please bring them to share with the other participants.
Session Presenter:
Derek Wright
Presenter Info
I first joined the Drupal community early in 2006 when I started using Drupal to build the website for the Brazilian percussion ensemble I direct, BateriaLucha.org. I now maintain and collaborate on many contributed modules, including the project module (which powers all of the issue tracking, release management, and revision control integration for drupal.org), the signup module, the update status module (now part of core), and others. I am a member of the Drupal security team, have contributed many patches to core, and am one of the CVS administrators for drupal.org. For more details, you can check out my drupal.org profile. For my day job, I've worked for over 10 years as an academic staff researcher on a distributed computing project based at the University of Wisconsin, Madison, called Condor (no, that's definitely not a Drupal site -- yet).
You must be logged in to vote on sessions.
Audio for the talk.
Wed, 11/07/2007 - 04:34 — dwwHere’s the audio I recorded of my session.
http://badcamp07.org/files/howto-maintain-drupal-contributions_dww.mp3
<hack type="utter">As a temporary measure until someone has a chance to do real diagrams or mockups of what I drew on the giant paper pad, I just took some digital photos of those pages to upload here. ;) Apologies for the messy writing, I was in a hurry and being a little careless…
</hack>UPDATE: