DrupalCon Vienna 2017: Drupal Long Term Support - D6 and Beyond

The popularity of Drupal 6 combined with potentially difficult upgrade paths to Drupal 7 and 8 left many sites in a situation where backporting core and contrib security fixes was their best option after Drupal 6 went end of life. The Drupal Security Team selected three vendors to be responsible for releasing Drupal 6 patches by reviewing security issues as they are found for Drupal 7 and 8. This long term support ("LTS") has allowed many Drupal 6 sites to continue running for over a year since the D6 EOL.



This session will review the D6 LTS process and lessons learned since D6 was EOL'd. Additionally, we will look at options for dealing with Drupal 7 LTS, and LTS support of Drupal 8 point releases once they are no longer supported by the community.

Overview of Drupal 6 LTS

Drupal Security Team selection process led to three approved vendors to provide D6 LTS support.
Vendors collaborate with the Drupal Security Team to analyze potential security issues found in D7 and D8 core and contrib, and apply those to Drupal 6 as needed.
Vendors post all released patches publicly at https://www.drupal.org/project/d6lts
If a security issue is found in a D6 module there may not be a patch released if that module isn't in use by any clients of the approved vendors.
As part of a core conversation, we'd like to discuss details of D6 LTS and reflect on what lessons we can learn and how we, as a community, can apply those to the D7 EOL and to D8 and beyond.

Drupal is a registered trademark of Dries Buytaert.