Derek Wright wrote:
> On Oct 9, 2007, at 8:45 AM, Gerhard Killesreiter wrote:
>> The question is: do we want to? People are using the password to our
>> site on some potentially insecure sites.
> Agreed.
>> I think it is desirable for d.o to stop using drupal.module as soon as
>> feasible.
> Agreed.
>> Read: As soon as g.d.o has fixed the issue. We should be able to add
>> missing email address by doing some synchronizing between d.o and
>> g.d.o's databases.
> Depending on the timing of it, I think this might be too aggressive.  
> We've gone N years with this security problem, another month won't kill
> anyone.

Yeah, I guess.

> I think we need a front page post about it with a specific
> deadline at which @drupal.org logins on other sites will no longer
> work.
> I think we should give people at least a month to transition,
> upgrade, whatever they have to do.  Plus, we should attempt to have d.o
> as an OpenID provider ASAP (which doesn't require putting the OpenID
> server code in core for D6, mind you), ideally as part of the info in
> that front page post, encouraging people to use that instead...

There are people who want to work on an open ID server for d.o. I
propose that we end support for drupal.module-type logins either last of
December or whenever that server is there. Whatever comes first.

