[development] Think there's a security problem in your module?Here's what to do.
FGM
fgm at osinet.fr
Thu Jan 17 20:03:04 UTC 2008
One thing that could certainly make things simpler would be to have a
"security" issue type, for which issues would only be visible to the author
and members of the security team. Security issues could then be issued just
like normal issues: it would maintain consistency, instead of introducing a
specific behaviour for people wishing to report security issues.
However, I'm not sure project* will easily support this ?
----- Original Message -----
From: "DragonWize" <dragonwize at gmail.com>
To: <development at drupal.org>
Sent: Thursday, January 17, 2008 8:00 PM
Subject: Re: [development] Think there's a security problem in your
module?Here's what to do.
[...]
>> b) You *immediately* send email to security at drupal.org about it to
>> let us know.
>
> Agreed. This easy to understand, perform and educate. Maybe also have
> other ways for developers & users alike to the security team that
> doesn't make them have to remember the email address. The more ways to
> contact them with important information the better.
[...]
More information about the development
mailing list