I'm wondering what is the best practice for creating new releases of modules and deprecating the old version, in terms of maintaining security while the new version proceeds to release status. I'm asking this as a Drupal newbie.
I'm not trying to call anyone out. This is a general question that applies to any module.
It's just that while I was looking for a calendar module, I stumbled across the Calendar Module.
As of this posting time, Jan. 26, 2012, 1:30 p.m. PT, the version status is that 7.x-3.x is a complete rewrite of the code and 7.x-2.x is deprecated. Only the 7.x-3.x version is being made available for download.
The only trouble is that 7.x-3.x is an alpha version, and my understanding is that alpha versions don't get security notifications from the Drupal Security team.
Wouldn't it be best practice to keep the previous 7.x-2.x version available and not deprecate it until 7.x-3.x has gone to release status and thus is covered by the Drupal Security team?
There's a similar, if lesser, issue with Views in that Views has been released, but it is dependent on CTools which is still in release candidate.
Sanity check here, please and thank you. I work with a government website and security is important to us.