<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:arial, helvetica, sans-serif;font-size:12pt"><DIV></DIV>
<DIV>I wouldn't get interested if it was on the dev branch. This is on the official release, so I guess I'll write it up and send it in.<BR> </DIV>
<P><FONT face="bookman old style, new york, times, serif" color=#ff007f size=4><EM><STRONG>Nancy</STRONG></EM></FONT></P>
<P> </P>
<P><FONT face="arial, helvetica, sans-serif">Injustice anywhere is a threat to justice everywhere. -- Dr. Martin L. King, Jr.</FONT></P>
<DIV><BR></DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: arial, helvetica, sans-serif"><BR>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><FONT face=Tahoma size=2>
<HR SIZE=1>
<B><SPAN style="FONT-WEIGHT: bold">From:</SPAN></B> Kieran Lal <kieran@acquia.com><BR><B><SPAN style="FONT-WEIGHT: bold">To:</SPAN></B> development <development@drupal.org><BR><B><SPAN style="FONT-WEIGHT: bold">Sent:</SPAN></B> Fri, August 6, 2010 2:35:12 PM<BR><B><SPAN style="FONT-WEIGHT: bold">Subject:</SPAN></B> Re: [development] Security Updates<BR></FONT><BR>Hi, one caveat.<BR><BR>The Drupal security team only release security announcements and releases for certain types of releases. See <BR>
<H3>Which Releases Get Security Advisory? in http://drupal.org/security-advisory-policy<BR></H3>So if you are in your development branch and you find a security issue you just introduced, just go ahead and fix it yourself with a security tag. If you discover a vulnerability that's in a release type that is covered report it to the security team.<BR><BR>If anyone else on the security team wants to clarify further go ahead.<BR><BR>Cheers,<BR>Kieran<BR><BR>
<DIV class=gmail_quote>On Fri, Aug 6, 2010 at 11:10 AM, nan wich <SPAN dir=ltr><<A href="mailto:nan_wich@bellsouth.net" target=_blank rel=nofollow ymailto="mailto:nan_wich@bellsouth.net">nan_wich@bellsouth.net</A>></SPAN> wrote:<BR>
<BLOCKQUOTE class=gmail_quote style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid">
<DIV>
<DIV style="FONT-SIZE: 12pt; COLOR: rgb(127,0,63); FONT-FAMILY: arial, helvetica, sans-serif">
<DIV></DIV>
<DIV>I've noticed that more and more security advisories are reported by module maintainers. In the past, if I noticed a security problem, I would fix it and commit the change without saying anything. It was sort of embarrassing to me to have an SA filed. However, that didn't mean that users would pick up the fixed version.</DIV>
<DIV> </DIV>
<DIV>Are maintainers now flagging their own issues as a way to "force" people to update to the newest code?<BR> </DIV>
<P><FONT face="bookman old style, new york, times, serif" color=#ff007f size=4><I><B>Nancy</B></I></FONT></P></DIV></DIV></BLOCKQUOTE></DIV><BR><BR clear=all><BR>-- <BR>Get a free, hosted Drupal 7 site: http://www.drupalgardens.com/<BR>415-992-8124<BR><BR></DIV></DIV></div></body></html>