在不支持之后,Drupal 6将以安全的状态留下? -- 6 领域 和 security 领域 和 upgrading 领域 drupal 相关 的问题

Will Drupal 6 be left in a secure state after it becomes unsupported?


8
vote

问题

中文

我使用drupal 6 + 视图 + cck 对我公司的工作非常好,最近我必须将它迁移到另一台服务器。

我想"嘿,为什么不安装drupal 7然后转储数据库:然后我可以在迁移时将drupal升级到最新版本!"

结果是一个坏主意。 Drupal 7似乎没有丝毫的线索如何处理我给它的数据库信息。升级指南现在看起来非常耗时。

所以我的问题是:在不支持之后,司布6将以安全的状态留下?或者平台将弃用,易受攻击我的升级更加普遍升级?

英文原文

I created a custom database interface using Drupal 6 + Views + CCK that works really well for my company and recently I had to migrate it to another server.

I thought "Hey, why not install Drupal 7 and then dump the database in it: then I can upgrade Drupal to the latest version while we migrate!?"

That turned out to be a bad idea. Drupal 7 doesn't seem to have the slightest clue what to do with the DB info I gave it. And the upgrade guide looks very time consuming to me, right now.

So my question is: will Drupal 6 be left in a secure state after it becomes unsupported? Or will the platform become deprecated and vulnerable forcing an even more massive upgrade on me?

        

回答列表

8
 
vote
vote
最佳答案
 

我想直到一些像视图这样的主要贡献模块都有稳定的Drupal7模块,而不是alpha,我认为drupal6将被使用一段时间。

我肯定会支持Drupal6多年来,因为那里有很多Drupal6网站。

所以答案是否,你不必升级。

 

I think until some of the major contributed modules like Views have Drupal7 modules that are stable and not alpha, beta I think drupal6 will be used for some time to come.

I'm certain that drupal6 will be supported for years to come as there are A LOT of drupal6 sites out there.

So the answer is No you don't HAVE to upgrade.

 
 
 
 
15
 
vote

一旦Drupal 8出来,Drupal 6将被标记为"生命结束" :Drupal Security团队将停止工作,官方安全发布不会出现。如果出现任何新的漏洞,您将自己修补它。所以它真的有利于升级到那个点。

但是,Drupal的升级路径来自上一个版本到当前版本:也就是说,从Drupal 6的最后一个释放到Drupal 7提供升级路径,升级路径将从Drupal 7提供给Drupal 8 。

Drupal 6到Drupal 8的升级路径,然后升级到Drupal 8.

所以,它真的归结为经济学和长期规划。将支持Drupal 6,直到Drupal 8,但是当Drupal 8在几年后出现时,您有机会重写该网站吗?如果没有,您应该计划在将来的某个点升级到Drupal 7。

 

Once Drupal 8 comes out, Drupal 6 will be marked "end of life": the Drupal security team will stop working on it and official security releases won't come out for it. If any new vulnerabilities come out, you'll have to patch it yourself. So it's really in your benefit to upgrade at that point.

But upgrade paths for Drupal are from the previous version to the current version: that is, an upgrade path is provided from the last release of Drupal 6 to Drupal 7, and an upgrade path will be provided from Drupal 7 to Drupal 8.

There won't be an upgrade path for Drupal 6 to Drupal 8: if you don't want to rebuild your site from scratch when Drupal 8 comes out, you'll need to first upgrade your Drupal 6 site to Drupal 7, then upgrade to Drupal 8.

So, it really comes down to economics and long term planning. Drupal 6 will be supported until Drupal 8, but when Drupal 8 comes out in a couple of years, will you have an opportunity to rewrite the site? If not, you should plan to upgrade to Drupal 7 at some point in the future.

 
 
 
 
4
 
vote

始终有2个版本的Drupal同时支持。因此,当Drupal 8将被释放时,Drupal 6将变得不受支持。有一段时间才能发生,直到它会发生,所以你不必赶时间。

如果足够的人愿意继续修补安全错误,即使它不再正式支持,您也可能继续使用它。任何想要继续通过无限期地通过安全补丁继续支持Drupal 6的人,问题是是否有足够的人对这样做。我不会依靠Drupal 6在官方发布后仍然支持Drupal 8。

 

There are always 2 versions of Drupal supported at the same time. So when Drupal 8 will be released, Drupal 6 will become unsupported. There is some time left until that will happen, so you don't have to hurry.

If enough people are willing to continue patching security bugs, you might continue to use it safely even if it is not officially supported anymore. Anyone that wants to can continue to support Drupal 6 with security patches indefinitely, the question is whether enough people are interested in doing that. I would not count on Drupal 6 being still supported after the official release of Drupal 8.

 
 
 
 
2
 
vote

你的原始问题是你不想花费大量的时间升级你的网站 - 我可以很好地理解,但我肯定会建议做升级。几个原因:

  • 迟早你将必须升级,因为drupal 6的临近生活结束
  • 如果您正在使用Drupal网站,如果您学习如何进行重大升级,您将受益匪浅。很多人喜欢我开始用司布6,所以这是我们应该申请的第一次升级 - 这是宝贵的知识。
  • 您可以"更改" 手册中编写的升级过程 - nobody 提到,您应该在一个下午在一个下午做到这一点,例如......如果我是你,我会花几个小时的时间与准备,检查模块和主题,检查核心等,然后在第二天中继续进行测试环境中的升级。这样你就可以舒适。主要的是,记笔记。最好让每个人点击被记录(这将是疯狂的),而不是与写下来。尝试享受这样做,升级的网站将比以往任何时候都更好!

并记住,我们有一个巨大的社区,有很多能量和支持,所以谈论你所做的事情,写一个博客帖子或其他东西 - 有人会从它中受益匪浅,也许甚至是你。

 

Your original problem is that you don't want to spend massive amount of time upgrading your site - I can understand this well, but I would definitely recommend to do the upgrade. A couple of reasons:

  • Sooner or later you will have to upgrade because Drupal 6's is nearing end of life.
  • If you're working with Drupal sites, you'll benefit greatly if you learn how to do a major upgrade. Many people like me started with Drupal 6, so this is the first upgrade that we should be able to apply - it's valuable knowledge.
  • You can "alter" the upgrade process written in the Handbook - nobody mentioned that you should do that on one afternoon, for example... If I were you, I would spend several hours with preparations, checking modules and themes, checking the core etc. and on the next day I would proceed with the upgrade in a test environment. This way you can have a little more comfort. The main thing is, take notes of everything. It's better to have each click documented (which would be crazy) than to have nothing written down. Try to enjoy doing this, the upgraded site will be better than ever!

And remember, we have a huge community with a lot of energy and support, so talk about what you do, write a blog post or something - someone will benefit from it greatly, perhaps even you.

 
 
2
 
vote

在这个问题被问到了大约5年后,这里是根据我们今天所知的另一个答案...

将耳垂6留在安全的状态下,来到它不受支持的那一天?

Drupal 6已宣布截至2016年2月24日的生命结束,详见 Drupal 6生命结束公告 (*)。因此,除非您采取一些适当的行动,仍然在该日期之后仍然使用Drupal 6的网站面临不安全的风险。

但是,与此同时,在此期间, MyDropWizard 模块已发布...对于D6。 .. 静止 ,而 !!!请参阅"如何在生活结束后获得有关可用安全更新的准确信息?" 了解更多详情。

或将平台弃用,易受伤害迫使我更加普遍升级?

对于"升级d6站点不是一个选项" ,可能的替代方案是 从其中一个购买Drupal 6长期支持(LTS) "官方" 供应商 。此外,似乎是 d6lts 项目。有关此的更多详细信息,请参阅如何在2016年2月24日后继续使用D6网站D6是生命结束?

对于那些奇怪的人,"有多少报告的drupal 6安装我们已经离开了?" ,请检查 Drupal Core的使用统计数据(关于D5,D6,D7,D8)...截至2016年1月31日,似乎" 只有" "约110k遗址左右(与D7约1046K相比,D8的64K)。与一年前相比,这少约40克(此时它将再拿3到4年......)。

(*):此链接还包含很多有趣的评论,例如下面的第一个评论,这就像:

根据定义,在存在两个条件时支持项目页面上的释放:

  1. 项目维护者认为它被支持。
  2. 安全团队正在接受安全问题的报告和制作关于它的咨询。

这就是"支持" 状态意味着自2009年5月以来(并在 2010年5月)。

这就是为什么第4项在此列表中:

项目页面上的所有Drupal 6发布都不会被标记为不支持。

作为Drupal 6 EOL,项目#2将不再是真实的,因此将它们标记为不受支持的是有意义的。

这篇关于EOL的帖子是过去3年的众多对话的结果,当时EOL应该是。想要支持Drupal 6和/或贡献模块的人更长。

 

About 5 years after this question was asked, here is another answer based on what we know today ...

Will Drupal 6 be left in a secure state, come the day that it is unsupported?

Drupal 6 has been announced to be end of life as of Feb 24, 2016, as detailed in Drupal 6 end-of-life announcement (*). So unless you take some appropriate actions, sites that will still be using Drupal 6 after that date are at risk of becoming insecure.

However, in the meantime the myDropWizard module has been released ... for D6 ... still, and only !!!. Refer to "How to get accurate information about available security updates after End-of-Life?" for more details on that.

Or will the platform become deprecated and vulnerable forcing an even more massive upgrade on me?

For situations where "upgrading a D6 site isn't an option", a possible alternative is to Buy Drupal 6 Long-Term Support (LTS) from one of the xe2x80x9cofficialxe2x80x9d vendors. Moreover, there seems to be the D6LTS project. For more details on that, refer to the answer to How to proceed with a D6 site after Feb 24, 2016 when D6 is end of life?.

For those who wonder "How many reported Drupal 6 installs do we have left?", go check the Usage statistics for Drupal core (about D5, D6, D7, D8)... As of Jan 31, 2016, there seem to "only" be about 110K sites left (as compared to about 1046K for D7, and 64K for D8). That's about 40K less as compared to a year ago (at that rate it'll take another 3 to 4 years ...).

(*): this link also contains a lot of interesting comments, such as the very first comment below it, which is like so:

By definition, a release on a project page is supported when two conditions exist:

  1. the project maintainer believes it to be supported.
  2. the security team is accepting reports of security issues and making advisories about it.

That's what "supported" status means and has meant since May of 2009 (and reiterated in May of 2010).

That is why item 4 is in this list:

All Drupal 6 releases on project pages will be flagged as not supported.

As of the Drupal 6 EOL, item #2 will no longer be true so it makes sense to mark them as unsupported.

This post about the EOL is the result of numerous conversations over the past 3 years about when the EOL should be. People who want Drupal 6 and/or contributed modules to be supported longer.

 
 
1
 
vote

当新的Drupal版本出现时,没有尝试使用旧版本"向后兼容" 。使用Drupal 7更改了一些基本的事情,包括"CCK" 模块现在是Drupal核心功能中的特征的事实。所以一个drupal 7安装不知道如何处理drupal 6数据库,除非您按照推荐升级程序。 (即使是,如果您自定义了任何模块或写入自己的模块或模板,则会有一些工作要做以完全转换应用程序。)

表示,不,你没有要升级,至少不是现在。在其他人指出,你对Drupal 6起来直到Drupal 8出来了。您可以在自己的硬盘驱动器上运行一个并行Drupal 7服务器,并在自己的硬盘上运行一个并行Drupal 7服务器,并使用它来练习将应用程序移植到Drupal 7.一旦Drupal 8出来,您应该准备好将您的应用程序升级到Drupal 7(以及您安装的任何其他模块都应该赶上D7然后)。

 

When a new Drupal version comes out, there is no attempt to make new builds "backward compatible" with old ones. Some fundamental things changed with Drupal 7, including the fact that what was the "CCK" module is now a feature in the core functionality of Drupal. So a Drupal 7 install won't know what to do with a Drupal 6 database, unless you follow the recommended upgrade procedure. (And even then, if you've customized any modules or written your own modules or templates, you will have some work to do to fully convert the application over.)

That said, no, you don't have to upgrade, at least not now. You are fine sticking with Drupal 6 up until Drupal 8 comes out, as others have pointed out. You could run a parallel Drupal 7 server on a MAMP or WAMP install on your own hard drive, and use it to practice porting your application to Drupal 7. Once Drupal 8 comes out, you should be ready to upgrade your application to Drupal 7 (and any other modules you've installed should have caught up with D7 by then).

 
 

相关问题

3  核心论坛形式下拉空  ( Core forum form dropdown empty ) 
在D6站点中,当用户进入节点/添加/论坛时,他们发现下拉"论坛" 只是显示"请选择" 但是该菜单中没有任何内容。 PHP错误日志或看门狗中没有任何内容。 我相信用户有正确的权限 - 毕竟,表单确实显示。否则(admin)的下拉列表显示了站点上的所有不同论坛,都是空的,而且没有它不能提交表单。 我已经看到了几乎所有...

7  使drupal_goto忽略?目的地= foo  ( Making drupal goto ignore destination foo ) 
我经常在我的drupal 6站点来遇到一个用户可能会遇到我的模块的页面?destinational = foo querystring从网站上的先前交互附加到URL。这种结果因"非常加重" 而异。 drupal_goto() 首先检查目标参数的默认行为,并将参数忽略 drupal_goto() 如果存在。 是否有...

6  以编程方式插入WebForm结果  ( Programmatically insert webform result ) 
我使用的是安装了WebForm模块的Drupal 6。 我需要能够从php结果到webform封锁。伪码: <?php //File: remote_script_not_hosted_on_the_same_server_as_drupal.php $results = array( 'name' => 't...

4  如何将独立的PHP文件放入Drupal 6?  ( How do i go about putting standalone php files into drupal 6 ) 
我想添加一个额外的酷炫php类,我将把它放在drupal中,我如何使代码不呈现安全风险,我应该把它变成一个模块吗? ...

2  Ubercart:更改产品显示表单标签“SKU”  ( Ubercart change the product display form label sku ) 
如何更改SKU的显示? (哪个钩子管理产品节点显示?) 我需要sku输出以显示"型号#" 。在产品节点页面上 drupal版本6.2x ...

1  Ubercart Marketplace - 用户的Imagefield在哪里?  ( Ubercart marketplace where is the imagefield for users ) 
使用drupal 6 Imagefield配置为产品。 Imagefield出现为管理员,但不是用户。如何为授权Ubercart Marketplace卖家销售的用户出现拍摄剧场?任何帮助都赞赏! andre e ...

2  多轴投票系统(星级评级)  ( Multiple axis voting system star rating ) 
我尝试了多轴投票系统使用Drupal Fivestar和Computed Field ,但我无法理解以下2分: 将节点参考字段添加到投票节点类型,使所选的目标节点类型。 设置投票(aka.review)节点类型,为多个AXIS投票添加所有必填字段和FiveStar字段。记住将"目标" 选项设置为#3字段。 愿有人...

5  配置SSL  ( Configuring ssl ) 
我正在使用drupal 6并已经设置了SSL证书(使用我自己的证书颁发机构)配置了我的Apache服务器,并在Drupal .htaccess 文件中添加了以下重定向。 RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^test/home https://loca...

3  WSOD在管理页面上  ( Wsod on administration pages ) 
以下是事实: 制作了一个干净的Drupal 6.20 已安装和启用管理员菜单模块 从这一点上我无法访问任何 admin/* 页面,但我可以访问 99887661 和 user/* ... php log: No entries apache错误日志: No entries apac...

4  如何控制来自视图内容窗格的“更多”链接,以指向Biblio过滤页面  ( How do i control the more link from a views content pane to point to a biblio ) 
我正在使用drupal 6.我正在尝试创建一个查看窗格,列出匹配特定术语的三个Biblio项,然后提供与使用相同术语过滤的更多项目的链接。 Biblio允许我使用 biblio/term/term_name 很好地访问这些项目。有没有办法控制视图提供的 more 链接,以便它指向这个位置? ...

2  Ubercart:属性?  ( Ubercart attributes ) 
我有现有的推车,库存有不同权重的单独产品,它们是单独的条目。我希望各种权重组合并按属性搜索。用ubercart做到这一点的最佳方法是什么。 我正在使用drupal 6 ubercart 2。 ...

3  强制所有链接到绝对  ( Force all links to be absolute ) 
我是一个自定义模块,我正在通过电子邮件发送节点和视图的内容。该模块首先渲染节点/视图并将结果包围公共模板。 但是当我的视图和节点内容构建时,它们包含链接是亲戚。我正在寻找一种方法来强迫这些链接成为绝对(即,具有域和协议)。 URL()和L()函数可用于输出绝对链接,但我没有看到一种方法来强制在所有链接上强制此行为。...

2  等效_phestemplate_variables()  ( Equivalent of phptemplate variables ) 
在Drupal 6中已弃用的Drupal 5( _phptemplate_variables() )中有一个函数。 在Drupal 6中是否有类似的功能? ...

4  如何在注册时重定向到命名节点  ( How to redirect to a named node upon registration ) 
给出了一个D6网站,用户必须确认其电子邮件地址,我希望新注册人立即重定向到解释电子邮件验证过程的页面节点。 我试图使用动作和触发器来执行此操作,但"触发:在发送用户帐户之后" 在发送激活电子邮件之前执行,因此消息被阻止,从未退出。这似乎是一个未解决的问题追踪,如D5。 登录目标模块列为支持D7.x但不是6.x的...

4  如何在许多论坛中放置一个论坛主题  ( How to place one forum topic in many forums ) 
我有一个使用D6和高级论坛模块创建的论坛系统。我想在所有论坛部分中发布一个特殊的论坛主题,该部分描述了网站规则以及如何使用各种论坛功能。如果可以使用一次出现在所有论坛中的单个节点可以完成这一点,这将是完美的,因为这种注释将包含在一个讨论中。 ...

2  需要一个wysiwyg插件  ( Need a wysiwyg plugin ) 
直到这一点,我需要一个用于Drupal 6的WYSIWYG模块;以下是要求: 易于更改工具栏按钮 能够添加自定义样式 能够上传图像并投入内容 能够上传闪存并渲染内容 能够上传文件并将其显示为下载链接 熟悉WordPress WysiWyg编辑器的人?这是我想要的。 ...

5  更改$ <field_name> _ _rendered输出?  ( Change field name rendered output ) 
在节点中,我将CCK字段的值作为$数组或$ _ _RENDERED作为字段的呈现视图。如何从其默认渲染方式更改 $<field_name>_rendered ? ...

10  如何检测当前的URL?  ( How to detect the current url ) 
我想在D6中添加一个身体类,如果您在我的 template.php 上的特定页面上,我有: if url('the/path') { add the body class... } 但该功能似乎对我来说似乎没有工作。 ...

1  为新安装添加CDN功能:现在或更高版本?  ( Adding a cdn feature for a new installation now or later ) 
如果您从头开始设置Drupal 6网站,请立即安装CDN模块(或类似服务)是重要的吗?或者将添加此类功能稍后易于执行 - 即使在站点域中已使用多个图像文件或静态文件,甚至可以在网站域中使用? ...

1  最小化模块中的Hook_Views_default_views时,可以删除的内容?  ( What can be removed when minimizing hook views default views in a module ) 
我正在研究一个新的drupal 6.x模块(当前在沙箱等待评论中 - http:/ /drupal.org/sandbox/sdague/1072704 )通过视图导出它的数据。当我实现的hook_views_default_views()时,我刚刚在视图上使用导出功能,以获取几个基本视图以获取事项启动。 工作,...




© 2021 it.wenda123.org All Rights Reserved. 问答之家 版权所有


Licensed under cc by-sa 3.0 with attribution required.