[development] Think there's a security problem in your module? Here's what to do.

Khalid Baheyeldin kb at 2bits.com
Wed Jan 16 20:12:26 UTC 2008


You have a point about not making it easy in the commit message.

But even if we do that, what is the solution to notifying legitimate
users (via RSS, email list), but not the black hats?

We still have to tag releases as security, and issue SAs.

There is no way we can hide that AND inform legitimate users WITHOUT
the black hats knowing.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080116/bc65ed41/attachment.htm 

More information about the development mailing list