3. Security team takes a copy of the currently vulnerable code and checks it into cvs-security.drupal.org at modules/foobar. Creates a CVS account for developer and gives them access to their module's directory only.
This is the part that is of concern to me. First, is it scalable? It requires significant security team manpower. Second, a snapshot can get stale vs. the code at cvs.d.o, and all sorts of interesting stuff can happen. Third, back-syncing cvs-security.d.o to cvs.d.o after the SA process is done is a lot of work, and could introduce errors. Sorry, I don't want to sound too negative, but the security team is overloaded as it is. The rest of your proposal makes sense, and does have lots of benefits.

-- 
Khalid M. Baheyeldin
2bits.com, Inc. http://2bits.com
Drupal optimization, development, customization and consulting.