[drupal-devel] security "official"

Negyesi Karoly karoly at negyesi.net
Sun Feb 6 05:19:24 UTC 2005


To avoid future problems with security hole reporting, I'd advice creating a 
security-team at drupal.org (or sg like that) address and advocating it on 
drupal.org homepage or at least on the Support page. A few select people 
should get these emails. So there will be no confusion where security holes 
must be reported. I know that most probably Dries and Steven will get 
these, but we can not assume that anyone who happens to stumble on a 
security hole knows our leaders.


Karoly Negyesi

More information about the drupal-devel mailing list