Hi, one caveat.<br><br>The Drupal security team only release security announcements and releases for certain types of releases.  See <br><h3>Which Releases Get Security Advisory? in <a href="http://drupal.org/security-advisory-policy">http://drupal.org/security-advisory-policy</a><br>
</h3>So if you are in your development branch and you find a security issue you just introduced, just go ahead and fix it yourself with a security tag.  If you discover a vulnerability that&#39;s in a release type that is covered report it to the security team.<br>
<br>If anyone else on the security team wants to clarify further go ahead.<br><br>Cheers,<br>Kieran<br><br><div class="gmail_quote">On Fri, Aug 6, 2010 at 11:10 AM, nan wich <span dir="ltr">&lt;<a href="mailto:nan_wich@bellsouth.net">nan_wich@bellsouth.net</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div><div style="font-family: arial,helvetica,sans-serif; font-size: 12pt; color: rgb(127, 0, 63);">
<div></div>
<div>I&#39;ve noticed that more and more security advisories are reported by module maintainers. In the past, if I noticed a security problem, I would fix it and commit the change without saying anything. It was sort of embarrassing to me to have an SA filed. However, that didn&#39;t mean that users would pick up the fixed version.</div>

<div> </div>
<div>Are maintainers now flagging their own issues as a way to &quot;force&quot; people to update to the newest code?<br> </div>
<p><font color="#ff007f" face="bookman old style, new york, times, serif" size="4"><i><b>Nancy</b></i></font></p></div></div></blockquote></div><br><br clear="all"><br>-- <br>Get a free, hosted Drupal 7 site: <a href="http://www.drupalgardens.com/" target="_blank">http://www.drupalgardens.com</a><br>
415-992-8124<br><br>