[development] Re: [support] Drupal 4.6.6/4.5.8 security releases

Gerhard Killesreiter gerhard at killesreiter.de
Tue Mar 14 03:10:31 UTC 2006

Boris Mann wrote:

> On 13-Mar-06, at 3:33 PM, Karoly Negyesi wrote:
>> On Tue, 14 Mar 2006 00:24:40 +0100, Alejandro Exojo <suy at kurly.org>  
>> wrote:
>>> El Martes, 14 de Marzo de 2006 01:03, Gerhard Killesreiter escribió:
>>>> are now available. See drupal.org/node/53524
>>> I'm really very disappointed about how the Drupal project is  
>>> handling releases
>>> and security advisories. IMHO, it's the worst "big" free software  
>>> project in
>>> this regard.

My dissapointment with the kind of users Drupal attracts is beyond 

>> Thanks for the appreciation of our hard work and your discreet  
>> letter to them security team that the sending security newsletters  
>> were forgotten. They were written just waited for sending.
> Karoly: this is still a valid point. The security advisories *must*  
> go out first, privately, before the public announcement.

Yeah, the five minutes that saved the world...

I am still wondering why I am spending my time doing security releases 
at all. The only responses we get consist of bitching about minor issues 
and auto responders.

> Do you need  help with this next time? I'll volunteer to help manage 
> this.

The security team can certainly need some help. One would think that the 
people who as of recently are Drupal's saviours when it comes to 
enterprise solutions would be eager to spend some ressources on this.


More information about the development mailing list