[development] Think there's a security problem in your module? Here's what to do.

Stephane Corlosquet scorlosquet at gmail.com
Wed Jan 23 11:47:34 UTC 2008


As some pointed out, the one who reports a security issue and the module
maintainer(s) should be more involved in the fixing process:
1- better communication and transparency between reporters, maintainers and
sec team
2- less work for the sec team if the workflow is automated
3- leads to a quicker initial feedback from the sec team telling the
reporter what to do, and preventing her from posting and advertising a fix
in the issue queue or project page if she doesn't get a reply from
security at drupal.org within the next hours...

all of that of course is restricted to the sec team and ppl involved in each
security issue.

count me in too, but like DragonWize, not being able to lead. but if one can
break things into smaller tasks, it'll be easier to give a hand.

scor.

On Jan 20, 2008 4:15 PM, Jakob Petsovits <jpetso at gmx.at> wrote:

> On Saturday, 19. January 2008, Derek Wright wrote:
> > On Jan 18, 2008, at 4:56 AM, Jakob Petsovits wrote:
> > > I'll try to be more silent next time.
> >
> > [snip]
> > Please continue to contribute to these
> > and other efforts, and by all means, don't be silent.
>
> Mmkay!
> :)
>
> Thanks to *you* and your immense contributions,
>  j
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080123/4ef154d9/attachment.htm 


More information about the development mailing list