[development] How to report a security issue

Ivan Sergio Borgonovo mail at webthatworks.it
Wed Jan 23 16:14:31 UTC 2008

On Wed, 23 Jan 2008 09:52:35 -0500
"Khalid Baheyeldin" <kb at 2bits.com> wrote:

> > - I tried to intercept people on IRC asking what to do.
> > - nobody was able to point me to guideline to how to report a
> > security issue, I had the impression no one was responsible for
> > sec issues.

> It is here http://drupal.org/node/101494

> We get a lot of spam on that mailing list, so it is moderated.

> The team is entirely volunteer driven, and the amount of work is
> very large for it to handle. We recently asked for more volunteers
> and got maybe 3 responses total.

> The process mentioned above spells it out. You should coordinate
> with security and only commit when the SA is ready.

Please, please, please... if I wrote what I wrote I had good reasons
to write it. I'd prefer not to discuss details here. But I'd like to
avoid the the impression I'm an asshole and the problem can be

Ivan Sergio Borgonovo

More information about the development mailing list