[development] Recruiting security team members

Kieran Lal kieran at civicspacelabs.org
Sun Jan 13 01:49:51 UTC 2008

Hello, at Drupalcon Barcelona I stepped forward to help coordinate the
security team.  Heine is still the security team lead.  It's now been over
three months since we've introduced changes to the security team and it's
time to review our team and look to add new members.


You might have noticed that we have had over 30 security announcements in
2007.  As a result of expanding security oversight to include not just core,
but also contributed modules we've had to try to coordinate the releases.
This is due to getting volunteers to review the announcements, as well as
coordinating the 4 core maintainers, and at least the security team lead to
work together.  If you've ever tried to coordinate a meeting across 9 time
zones you can imagine how difficult this can be, especially since our
release system is automated.

If you have availability to review security announcements on a regularly
scheduled basis with several days notice please let me know. This is a task
that is currently done by Robert Costello, myself, and the reporters of
security issues.
If you have security skills and would like to be part of the security team
that participates in developing patches for core and contributed
vulnerabilities please submit your candidacy to security at drupal.org,
detailing your skills, and experience.
If you would like to help build the security team infrastructure, such as
creating a mailing list to inform CVS account holders of security best
practices, or help to administer the security.drupal.org website please let
us know.
If you would like to write documentation or educate the Drupal community
about security issues please let us know how you would like to contribute,
and we will give handbook permission to write documentation on Drupal.org.

If you find yourself frustrated that the security team is not responding to
your issue fast enough, please send a note to the security team expressing
your angst combined with your offers to assist in the coordination of other
activities.  Keeping Drupal sites secure, and helping to coordinate the
security releases for over 2400 Drupal projects is an awesome
responsibility. Please give the team the benefit of the doubt that we are
working hard to deal with a wide range of issues.  Our track record over the
last several years certainly bears this out.


Drupalcon Boston 2008 · March 3-6, 2008
Learn more at http://boston2008.drupalcon.org
Affordable sponsorship packages available
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080112/509e9691/attachment.htm 

More information about the development mailing list