On 10/20/06, Derek Wright <drupal@dwwright.net> wrote:
p.s. for the record, i sent exactly such an introduction email to the security team about 1/2 year ago, and basically have never been contacted by them for anything.
Ditto. perhaps in the transition from chx -
heine, my offer was lost in the cracks. i have discovered security holes in project.module and made releases and sec. announcements for them back in april (when i first offered to be a more active member of the sec. team), but otherwise, i haven't had any direct interaction with the security team.
Except I'm less experienced in finding problems than you, apparently.
if y'all are feeling understaffed and overworked, perhaps you could make better use of the people like myself who've already volunteered to help. maybe we need a security-volunteers@drupal.org list for this 2nd tier of developers: not the official team, but the (if i may say so) clueful people who want to help, and can be called upon to discuss patches, assess problems in contrib caused by new versions of core, whatever. just a thought.
This is an interesting idea. It would still have to be a list of relatively well trusted individuals to keep out someone who hopes to gain previews of security holes so they can take advantage of them. For the small amount it's worth, I like that idea if the preference is to keep security@ to just a small group of people. Regards, Greg -- Greg Knaddison | Growing Venture Solutions Denver, CO | http://growingventuresolutions.com Technology Solutions for Communities, Individuals, and Small Businesses