[development] Core drupal.module moved to contrib site_network.module
drupal at dwwright.net
Tue Oct 9 16:05:23 UTC 2007
On Oct 9, 2007, at 8:45 AM, Gerhard Killesreiter wrote:
> The question is: do we want to? People are using the password to
> our site on some potentially insecure sites.
> I think it is desirable for d.o to stop using drupal.module as soon
> as feasible.
> Read: As soon as g.d.o has fixed the issue. We should be able to
> add missing email address by doing some syncronizing between d.o
> and g.d.o's databases.
Depending on the timing of it, I think this might be too
aggressive. We've gone N years with this security problem, another
month won't kill anyone. I think we need a front page post about it
with a specific deadline at which @drupal.org logins on other sites
will no longer work. I think we should give people at least a month
to transition, upgrade, whatever they have to do. Plus, we should
attempt to have d.o as an OpenID provider ASAP (which doesn't require
putting the OpenID server code in core for D6, mind you), ideally as
part of the info in that front page post, encouraging people to use
More information about the development