Feed aggregator

Joining The Day We Fight Back

Drupal Home - Mon, 02/10/2014 - 19:20

Free Software is not just about saving money. It's not just about sharing for sharing's sake. Free Software, at its core, is about empowering people. It is about ensuring that everyone has ultimate control over their own electronic lives, because the software that runs their electronic lives is under their control and not someone else's.

How do you know your computer is doing what you tell it to, and not someone else? How do you know your phone is only recording what you tell it to record? How do you know your files are only being read by you? How do you know your refrigerator isn't reporting on your diet to someone else?

The only way to be sure is to have the source code so that you or someone you trust can verify that it is doing only what you tell it to and your electronic tools are not secretly acting for someone else. Free Software is all about ensuring an individual's personal digital sovereignty, free from unwanted or secret invasion from anyone -- other people, corporations, or governments.

The entire point of sharing source code is so that individual people and organizations can ultimately have control over their own equipment, information, and digital lives. In many ways it is about privacy: The security to know that your data is accessible to you, and your computer is used by you, and only you, unless you decide otherwise.

Recent revelations, however, have shown that people's digital sovereignty is under even more attack than before. Both the American and British governments have been found violating the digital privacy of millions of people in their own countries and around the world. That is exactly the sort of attack on individual digital sovereignty that Free Software was created to combat.

As a leading Free Software project, the Drupal Community opposes such privacy invasions. We believe it is our ethical duty to stand with The Day We Fight Back and others who oppose such violations of individual digital sovereignty. We encourage all people, all over the world, to take a stand for digital freedom. If you are in the United States you can use the banner at the bottom of this page to locate and contact your Congressional representatives and tell them to oppose further infringement of individual privacy rights and to force the NSA and similar agencies to obey the law in both letter and spirit.

Categories: Drupal

Drupal 7.26 and 6.30 released

Drupal Home - Wed, 01/15/2014 - 15:59

Drupal 7.26 and Drupal 6.30, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 7.26 and Drupal 6.30 release notes for further information.

Download Drupal 7.26
Download Drupal 6.30

Upgrading your existing Drupal 7 and 6 sites is strongly recommended. There are no new features or non-security-related bug fixes in these releases. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement. More information on the Drupal 6.x release series can be found in the Drupal 6.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 and 6 include the built-in Update Status module (renamed to Update Manager in Drupal 7), which informs you about important updates to your modules and themes.

Bug reports

Both Drupal 7.x and 6.x are being maintained, so given enough bug fixes (not just bug reports) more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.26 is a security release only. For more details, see the 7.26 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Drupal 6.30 is a security release only. For more details, see the 6.30 release notes. A complete list of all bug fixes in the stable 6.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 7.26 and 6.30 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:

To fix the security problem, please upgrade to either Drupal 7.26 or Drupal 6.30.

Known issues

(Drupal 7 only) On sites with a very large number of unpublished nodes in the database, the Taxonomy module update function introduced in this release may take a very long time to run and consume an excessive amount of memory. A fix is available in this issue and will be included in the next bug fix release of Drupal core. Sites which need the fix sooner can apply the patch from that issue to their Drupal 7.26 sites.

Front page news: Planet DrupalDrupal version: Drupal 6.xDrupal 7.x
Categories: Drupal

Predictions for 2014

Drupal Home - Tue, 01/14/2014 - 05:26

4877. That is where the tradition within the Drupal community of making predictions for the year ahead with regards to our software, our community and broader, the web, started. Node 4877, written at the end of the year 2003. We have come a long way since then.

This year we would like to know what you think the year ahead will bring for Drupal and, as a bonus, we would like to know what was the best prediction you found in the past. Where did we shine when it comes to vision or humor.

See older entries from 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 and 2013. Read them.

And now predict for 2014 and reflect the last decade in this thread.

Categories: Drupal

Drupal.org Downtime: Jan 13th 5PM PDT (1:00 UTC)

Drupal Home - Sun, 01/12/2014 - 19:01

Drupal.org will be going down for up to 1 hour Monday, Jan 13, 17:00 PDT (Jan 14, 1:00 UTC). This maintenance window will be used for routine Drupal updates, which need to alter large tables. Single sign on for sub-sites (api.drupal.org, groups.drupal.org, etc) will be down; they will otherwise remain available. Please follow the @drupal_infra Twitter account for updates during the downtime. Thanks for your patience!

Categories: Drupal

Drupal.org Downtime: Jan 8th 5PM PDT (1:00 UTC)

Drupal Home - Tue, 01/07/2014 - 15:59

Drupal.org will be going down for up to 2 hours Wednesday, Jan 8, 17:00 PDT (Jan 9, 1:00 UTC). This maintenance window will be used to improve the speed of issue queues. Single sign on for sub-sites (api.drupal.org, groups.drupal.org, etc) will be down; they will otherwise remain available. Please follow the @drupal_infra twitter account for updates during the downtime and thanks for your patience!

Categories: Drupal

Drupal 7.25 released

Drupal Home - Thu, 01/02/2014 - 20:48

Update: Drupal 7.26 is now available.

Drupal 7.25, a maintenance release with numerous bug fixes (no security fixes) is now available for download. See the Drupal 7.25 release notes for a full listing.

Download Drupal 7.25

Upgrading your existing Drupal 7 sites is recommended. There are no major new features in this release. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 includes the built-in Update Manager module, which informs you about important updates to your modules and themes.

There are no security fixes in this release of Drupal core.

Bug reports

Drupal 7.x is being maintained, so given enough bug fixes (not just bug reports), more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.25 contains bug fixes and small API/feature improvements only. The full list of changes between the 7.24 and 7.25 releases can be found by reading the 7.25 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Update notes

See the 7.25 release notes for details on important changes in this release.

Known issues

Changes to Drupal's page caching system in this release caused an incompatibility with the Authcache module (see this issue). The solution is to upgrade to Authcache 7.x-1.7 or higher.

Front page news: Planet DrupalDrupal version: Drupal 7.x
Categories: Drupal

Drupal Association is hiring CTO

Drupal Home - Sun, 12/29/2013 - 15:46

The Drupal Association, with the help of a Search Committee comprised of Board and Advisory Board members, is beginning a search for a Chief Technical Officer (CTO) for Drupal.org (not the Drupal software project). The CTO will fill a critical role for the both the Association and the community, working at the strategic level with the Drupal.org Working Groups to build a roadmap for Drupal.org, create and manage processes critical to the success of the site (including security and disaster recovery), and ensure that Drupal.org roadmaps are met. A CTO role ensures that Drupal.org has the technical and strategic oversight needed to drive improvements and innovations. Specifically we want to ensure that we have the best platform for developers, community involvement, and critical revenue-generating opportunities.

The CTO is the first of several hires we will make over the course of the next few months to significantly increase our ability to improve the experience of Drupal.org for our many constituents. These hires will include more development and devops bandwidth, among other things. In short, this is a really exciting time to work on Drupal.org!

We're asking for your help to find the right person for this role. We're looking for someone with strong product management skills, a community player who can work with our broad base of remarkable volunteers, and the experience to guide and manage our development, infrastructure and operations teams. Please review and share the Drupal Association CTO Job Description.

We've also included a little more context below if you want to learn more. And, if you have any questions, please feel free to contact Holly Ross.

Why a CTO? Isn’t that a bit much for our needs?

Our focus at the Association in 2013 has been re-aligning Association resources to bring more support and funding to our community’s most important asset: Drupal.org. During the last 9 months, we've begun diversifying our revenue streams so that we can scale our income and provide more funding for Drupal.org projects. We launched Working Groups to manage the strategic direction and policy setting we need to make good decisions for the site. Most recently, we hired a Technology Manager for the Association so that our limited technical staff can focus more fully on Drupal.org.

In 2014, we are planning for an even more dramatic shift, bringing on engineering and infrastructure staff to pay off years of technical debt and begin to move the site forward with new developer tools, better site performance, and strong security practices. We’re incredibly excited to help the community move Drupal.org forward and really meet community needs. We see the CTO role as essential to making this happen. It sets us up to proactively address Drupal.org needs at a strategic level - forecasting necessary changes before they become critical problems.

Isn’t this the role of the Working Groups?

Yes - the Working Group charters put them in charge of direction-setting and strategy for the sites. We anticipate that the CTO will work closely with the Working Groups to coordinate their work and ensure that those decisions are translated into a cohesive roadmap. Additionally, the Working Groups are not designed to implement the roadmap. The CTO will oversee the team that does that - either in-house, using 3rd party tools, through contractors, with volunteers, or a combination of these options.

Are you going to hire from within the community?

We are certainly going to look within the community. We will also look outside the Drupal community. The committee seeks a candidate who brings a breadth of experience and knowledge regarding open source community sites.

Is this a technical role or a business role?

We expect that the right candidate will have equal parts technical chops and business savvy. We are not expecting the CTO to write production code, but the CTO will have to know how to do that so that they can manage it well. Additionally, the CTO will need to understand business problems and how technology can be strategically deployed to meet those needs.

Where will the position be based?

Ideally, in Portland, OR, at the Drupal Association headquarters. We know however, that this is likely unrealistic as a hard and fast constraint, and will encourage applicants from around the globe.

Categories: Drupal

Drupal 6 to stop supporting PHP 4 on March 1st 2014

Drupal Home - Wed, 12/18/2013 - 13:01

Drupal 6.0 was released almost 6 years ago in February 2008. The Drupal community is committed to release Drupal 6 bugfixes until Drupal 8.0 is released and with recent changes provide security fixes much longer.

The hosting and development landscape was very different in 2008 though. PHP has gone a long way since we released Drupal 6. While Drupal 6 is still supported on PHP 4.x, the PHP developer community itself end-of-lifed PHP 4 just half a year after Drupal 6.0 came out. According to public statistics and data available to us about Drupal 6 sites, we estimate that there is a very small number of Drupal sites which may still run on PHP 4. We also don't believe it is in our best interest to support Drupal 6 on a possibly insecure but definitely unsupported base system, so we discussed and decided to drop support for PHP 4 on March 1st 2014.

If you are running a Drupal 6 site on PHP 4.x, we suggest you look at your hosting situation as it is likely there are other outdated (and possibly insecure) components involved in your environment as well. For the secure operations of your site, we suggest you look at other hosting options. We suggest to look for hosting with at least PHP 5.2.4 (same as Drupal 7's oldest supported PHP version).

While we don't plan to deliberately introduce PHP 5 constructs in Drupal 6, this change also lets contributed module developers to use PHP 5 more easily in their code.

Front page news: Drupal NewsDrupal version: Drupal 6.x
Categories: Drupal

Michael Hess new Security Team Lead

Drupal Home - Tue, 12/10/2013 - 11:16

Back in November of 2011, I appointed Greg Knaddison to lead the Drupal Security Team, for a term of two years. In that time, Greg has done a tremendous job helping the Security Team scale. November 2013 ends the term that Greg and I agreed to, Greg is now stepping down as team lead.

I'm pleased to share that Michael Hess (mlhess on Drupal.org) has accepted my invitation to become the new Security Team lead. For those who don't know Michael, he is an adjunct lecturer and a Solution Architect Lead at the University of Michigan. He teaches courses on content management platforms, particularly focusing on Drupal, oversees the functionality of several campus websites, and serves in a consulting and development role for other departments within the University of Michigan. He has been a member of the Drupal Security Team for 3 years and a member of the infrastructure team for 2 year.

As the Drupal Security Team lead, Michael will be the point person for the team. He'll be responsible for coordinating the Security Team's activities and for making decisions when consensus doesn't arise. Michael wants to move the team into more of an advisory and preemptive role, rather than a response function. In addition, he wants to continue to scale the security team (e.g. by working on building better and more automated tools, providing better metrics, etc).

Please join me in thanking Greg for all the great work he has done over the past two years, and in welcoming Michael as the new team lead!

Front page news: Drupal News
Categories: Drupal

Drupal 7.24 and 6.29 released

Drupal Home - Wed, 11/20/2013 - 17:00

Update: Drupal 7.25 and Drupal 6.30 are now available.

Drupal 7.24 and Drupal 6.29, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 7.24 and Drupal 6.29 release notes for further information.

Download Drupal 7.24
Download Drupal 6.29

Upgrading your existing Drupal 7 and 6 sites is strongly recommended. There are no new features or non-security-related bug fixes in these releases. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement. More information on the Drupal 6.x release series can be found in the Drupal 6.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 and 6 include the built-in Update Status module (renamed to Update Manager in Drupal 7), which informs you about important updates to your modules and themes.

Bug reports

Both Drupal 7.x and 6.x are being maintained, so given enough bug fixes (not just bug reports) more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.24 is a security release only. For more details, see the 7.24 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Drupal 6.29 is a security release only. For more details, see the 6.29 release notes. A complete list of all bug fixes in the stable 6.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 7.24 and 6.29 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:

To fix the security problem, please upgrade to either Drupal 7.24 or Drupal 6.29.

Update notes

See the 7.24 and 6.29 release notes for manual update steps and other details on important changes in this release.

Known issues

For a while after the release, sites running certain versions of Drupal core may have seen an erroneous message from the Update Status or Update Manager module recommending that they update to Drupal 6.27 or Drupal 7.19, rather than the actual latest security release. This appears to be an issue related to the drupal.org Drupal 7 upgrade which has since been fixed; see this issue for further details.

Front page news: Planet DrupalDrupal version: Drupal 6.xDrupal 7.x
Categories: Drupal

Drupal.org D7 upgrade live!

Drupal Home - Fri, 11/01/2013 - 07:40

If you are reading this announcement right now, then we did it! Drupal.org runs on Drupal 7! This was a big and complicated project, which took longer than we expected. But we are finally done!

What changed?

Our goal was a straight port to Drupal 7 without major changes to functionality or layout, but with greatly improved code under the hood. However some things did change, please see Drupal.org D7 F.A.Q. for details. Overall Drupal 7 gives us more flexibility to implement new features and there will be a boost in performance for some of the pages.

NOTE: issues are still being indexed, listings and searches will show incomplete results till the indexing is done.

What’s next?

There probably will be some bugs. If you encounter something unusual, please check the Drupal.org D7 F.A.Q. first. It may be that the change was intentional. If you are sure that you found a bug, please use the D7 upgrade QA queue to report them.

* * *

The only thing we really want to say now is.. let’s party THANK YOU!

Thank you to all of you for being patient with us during this long project. We know it took longer than anticipated and there were some bumps along the way. Our only goal throughout the project was to make Drupal.org better for all of you.

Thank you to all our fantastic contributors. There are so many of them, we even have a special page. Thank you:

Andrei Mateescu / amateescu
Joel Moore / banghouse
Rudy Grigar / basic
Brandon Bergren / bdragon
Tom Behets / betz
Bojhan Somers / Bojhan
Chi / Chi
Ian Carrico / ChinggizKhan
Nell Hardcastle / chizu
Karoly Negyesi / chx
Bill O'Conner / csevb10
Dave Reid / davereid
David Strauss / David Strauss
Meghan Palagyi / dead_arm
Dave Fletcher / dfletcher
Derek Wright / dww
Melissa Anderson / eliza411
Frank Baele / frankbaele
Greg Lund-Chaix / gchaix
Greg Knaddison / greggles
Dylan Tack / grendzy
Jose Marquez / hackwater
Michael Halstead / halstead
Herman van Rink / helmo
Chad Phillips / hunmonk
Jason Savino / jasonsavino
Jonathan Hedstrom / jhedstrom
Jennifer Hodgdon / jhodgdon
Jeremy Thorson / jthorson
KS Sundarajan / ksbalajisundar
Lewis Nyman / lewisnyman
Mark Pavlitski / markpavlitski
Marco Villegas / marvil07
Michael Prasuhn / mikey_p
Mitchell Tannenbaum / mitchell
Nick Veenhof / nick_vh
Narayan Newton / nnewton
Theodore Biadala / nod_
Pradeep Kumar / pradeeprkara
Peter Wolanin / pwolanin
Robert Ristroph / rgristroph
Chris Ruppel / rupl
Sam Boyer / sdboyer
Joel Farris / Senpai
Sam Richard / snugug
Venkata Suresh / sachin2honi
Howard Tyson / tizzo
Tyler Ward / twardnw
Angela Byron / webchick
Steve Edwards / wonder95
Roy Scholten / yoroy

Thank you to the Drupal Association Supporting Partners, who gave us the funding required to make the upgrade happen.

We couldn’t have done this without you!

/ drumm & tvn

Front page news: Planet Drupal
Categories: Drupal

Drupal.org downtime: 31st of October 2013, 15:00 UTC (08:00am PDT)

Drupal Home - Mon, 10/28/2013 - 15:28

The Drupal.org D7 upgrade launch is confirmed. Today is Monday, 28th of October, we have 0 launch blocking issues and performance tests are looking fine. Therefore, we are going to launch on Thursday, October 31st, 2013.

What will the launch process be like?

Drupal.org will be down for approximately 24 hours during deployment. It will be replaced by a static page with a download link for the latest Drupal release available. Sub-sites will stay online, but with user logins disabled. Both updates.drupal.org and ftp.drupal.org will stay online. drush make / dl will work fine, update status module as well.

We will start deployment around 15:00 UTC on October 31st. We expect the site to be back up by 15:00 UTC on November 1st.

We realize this will be a significant inconvenience for users who rely on Drupal.org, and will try to minimize downtime as much as possible.

What if there are problems? Do you have a backup plan?

Yes, we do. If we encounter significant problems during migration, we will roll back to the Drupal 6 version of Drupal.org and restore with a backup made right before migration started.

How can I find out what’s going on during deployment?

Twitter accounts to follow are @drupal_org and @drupal_infra . IRC channels: #drupal and #drupal-contribute.

What changes will I experience when the site comes back online?

You can find information about the changes in functionality or UI in the Drupal.org D7 F.A.Q. Most pages on the site won’t change as far as layout or functionality. Our goal for this project was a straight port from Drupal 6 to Drupal 7. The only place where you will see significant UI changes is the issue page. This blog post explains what is changing on the issue page and why in detail. In general Drupal 7 gives us more flexibility to implement new features and there will be a boost in performance for some of the pages.

Why aren’t we waiting and upgrading to Drupal 8 once it releases?

The Drupal 7 upgrade began in March 2012. The upgrade took longer than we anticipated due to a variety of reasons that include the scale and complexity of Drupal.org and resource contstraints. We decided to push ahead and complete the Drupal 7 upgrade so Drupal.org can be on the latest release of Drupal, and so we can use the learnings in future upgrades.

Categories: Drupal