[development] Core drupal.module moved to contrib site_network.module
Gerhard Killesreiter
gerhard at killesreiter.de
Tue Oct 9 17:32:35 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Derek Wright schrieb:
>
> On Oct 9, 2007, at 8:45 AM, Gerhard Killesreiter wrote:
>
>> The question is: do we want to? People are using the password to our
>> site on some potentially insecure sites.
>
> Agreed.
>
>> I think it is desirable for d.o to stop using drupal.module as soon as
>> feasible.
>
> Agreed.
>
>> Read: As soon as g.d.o has fixed the issue. We should be able to add
>> missing email address by doing some syncronizing between d.o and
>> g.d.o's databases.
>
> Depending on the timing of it, I think this might be too aggressive.
> We've gone N years with this security problem, another month won't kill
> anyone.
Yeah, I guess.
> I think we need a front page post about it with a specific
> deadline at which @drupal.org logins on other sites will no longer
> work.
> I think we should give people at least a month to transition,
> upgrade, whatever they have to do. Plus, we should attempt to have d.o
> as an OpenID provider ASAP (which doesn't require putting the OpenID
> server code in core for D6, mind you), ideally as part of the info in
> that front page post, encouraging people to use that instead...
There are people who want to work on an open ID server for d.o. I
propose that we end support for drupal.module-type logins either last of
december or whenever that server is there. Whatever comes first.
Cheers,
Gerhard
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHC7szfg6TFvELooQRAhVBAJ9uD5AYDyBgC1M+63WvHwVYKwnqWQCZAYmH
/GP/txF3fORcZufeF/ARR+M=
=dEeP
-----END PGP SIGNATURE-----
More information about the development
mailing list