Best practices for deprecating old module/adding new release

We encourage users to post events happening in the community to the community events group on https://www.drupal.org.
Charles Belov's picture

I'm wondering what is the best practice for creating new releases of modules and deprecating the old version, in terms of maintaining security while the new version proceeds to release status. I'm asking this as a Drupal newbie.

I'm not trying to call anyone out. This is a general question that applies to any module.

It's just that while I was looking for a calendar module, I stumbled across the Calendar Module.

As of this posting time, Jan. 26, 2012, 1:30 p.m. PT, the version status is that 7.x-3.x is a complete rewrite of the code and 7.x-2.x is deprecated. Only the 7.x-3.x version is being made available for download.

The only trouble is that 7.x-3.x is an alpha version, and my understanding is that alpha versions don't get security notifications from the Drupal Security team.

Wouldn't it be best practice to keep the previous 7.x-2.x version available and not deprecate it until 7.x-3.x has gone to release status and thus is covered by the Drupal Security team?

There's a similar, if lesser, issue with Views in that Views has been released, but it is dependent on CTools which is still in release candidate.

Sanity check here, please and thank you. I work with a government website and security is important to us.

Security

Group organizers

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds: