[development] How to report a security issue
Ivan Sergio Borgonovo
mail at webthatworks.it
Wed Jan 23 16:14:31 UTC 2008
On Wed, 23 Jan 2008 09:52:35 -0500
"Khalid Baheyeldin" <kb at 2bits.com> wrote:
> > - I tried to intercept people on IRC asking what to do.
> > - nobody was able to point me to guideline to how to report a
> > security issue, I had the impression no one was responsible for
> > sec issues.
> It is here http://drupal.org/node/101494
> We get a lot of spam on that mailing list, so it is moderated.
> The team is entirely volunteer driven, and the amount of work is
> very large for it to handle. We recently asked for more volunteers
> and got maybe 3 responses total.
> The process mentioned above spells it out. You should coordinate
> with security and only commit when the SA is ready.
Please, please, please... if I wrote what I wrote I had good reasons
to write it. I'd prefer not to discuss details here. But I'd like to
avoid the the impression I'm an asshole and the problem can be
ignored.
--
Ivan Sergio Borgonovo
http://www.webthatworks.it
More information about the development
mailing list