(I just posted this under the book entry, then decided to make it a forum posting as well.)
I’ve just started working my way through the book and I am already confused. The publishing date says “First Printing: January, 2017” so I would have thought everything would have been verified by then.
One of the first modules being recommended to be installed is the Redirect module (Chapter 3 | Basic SEO Part 1, page 40). Yet when I go to Drupal to obtain it, the first thing that jumps out at me is the red box at the top of the page and the red badge later in the listing saying:
“This project is not covered by Drupal’s security advisory policy.”
“Use at your own risk! It may have publicly disclosed vulnerabilities.”
That’s not good.
Next, none of the download versions are listed in green, meaning they are safe and ready to go: they’re still pre-release for Drupal 8. The development version is 8.x-1.x-dev which came out 2017-May-19 and the “official” version is 8.x-1.0-alpha5 which came out 2017-Apr-14. (I find it odd that there does not seem to be any stable versions for Drupal 7 either.)
So why, five months after the book was released, is there still not an officially released version of this module? And why would the author encourage installing something that does not meet Drupal’s own security policy?
How many other similar land mines are there in the rest of the book? I’m definitely not going to install anything that Drupal itself feels has security issues.