[development] Think there's a security problem in your module? Here's what to do.

Derek Wright drupal at dwwright.net
Fri Jan 18 11:56:32 UTC 2008

On Jan 18, 2008, at 3:25 AM, Jakob Petsovits wrote:

> Oh, wow. I didn't expect distributed VCS methodologies to get into  
> Drupal this fast... expected different repositories for each  
> project more like in three years or so :P

On Jan 18, 2008, at 3:37 AM, Gerhard Killesreiter wrote:

> Yeah, I am quite overwhelmed too. I think this is cannons on sparrows.

*sigh*  I guess neither of you actually read what I wrote.  Lemme  
quote the part you seem to have skimmed, and I'll add emphasis for  

On Jan 18, 2008, at 1:08 AM, Derek Wright wrote:
> IF we wanted to get REALLY CRAZY, we COULD START to EXPERIMENT with  
> distributed revision control ... to help manage private repos for  
> _SOME_ of the projects on SEC.d.o.

> Could work great ... but that would depend at the very least on  
> people helping to complete the to-do list here:
> http://groups.drupal.org/node/8102
> and then implementing other versioncontrol API backend modules for  
> whatever tool(s) they wanted to be able to use for this.

This could certainly take 3 years or so, depending on who has this  
itch and is willing/able to scratch it.

Forget I even mentioned this.  It was an off-the-cuff comment about  
"someday how it could all work".  If you haven't learned by now, I  
tend to get big dreams, write them all up into the Grand Plan, then  
figure out what's realistic, and start finding a way to make it  
happen, at least the parts of the Grand Plan I personally care  
about.  This particular detail of how I've been fleshing in  
webchick's proposal is at the very bottom of the list of things I  
care about, so don't expect me to work on it anytime soon, if ever.   
CVS + rsync + patches in the private issue queues are all I care  
about for now.

It's so reassuring to know that people will always focus on the least  
important aspects of what I write and bend them all out of shape and  
proportion. ;)

-Derek (dww)

More information about the development mailing list