[development] Think there's a security problem in your module?Here's what to do.

FGM fgm at osinet.fr
Thu Jan 17 20:03:04 UTC 2008


One thing that could certainly make things simpler would be to have a 
"security" issue type, for which issues would only be visible to the author 
and members of the security team. Security issues could then be issued just 
like normal issues: it would maintain consistency, instead of introducing a 
specific behaviour for people wishing to report security issues.

However, I'm not sure project* will easily support this ?

----- Original Message ----- 
From: "DragonWize" <dragonwize at gmail.com>
To: <development at drupal.org>
Sent: Thursday, January 17, 2008 8:00 PM
Subject: Re: [development] Think there's a security problem in your 
module?Here's what to do.
[...]
>> b) You *immediately* send email to security at drupal.org about it to
>> let us know.
>
> Agreed. This easy to understand, perform and educate. Maybe also have
> other ways for developers & users alike to the security team that
> doesn't make them have to remember the email address. The more ways to
> contact them with important information the better.
[...] 



More information about the development mailing list