[development] How to report a security issue

Ivan Sergio Borgonovo mail at webthatworks.it
Wed Jan 23 16:14:31 UTC 2008


On Wed, 23 Jan 2008 09:52:35 -0500
"Khalid Baheyeldin" <kb at 2bits.com> wrote:

> > - I tried to intercept people on IRC asking what to do.
> > - nobody was able to point me to a guideline on how to report a
> > security issue, I had the impression no one was responsible for
> > sec issues.

> It is here http://drupal.org/node/101494

> We get a lot of spam on that mailing list, so it is moderated.

> The team is entirely volunteer driven, and the amount of work is
> very large for it to handle. We recently asked for more volunteers
> and got maybe 3 responses total.

> The process mentioned above spells it out. You should coordinate
> with security and only commit when the SA is ready.

Please, please, please... if I wrote what I wrote I had good reasons
to write it. I'd prefer not to discuss details here. But I'd like to
avoid the impression I'm an asshole and the problem can be
ignored.

-- 
Ivan Sergio Borgonovo
http://www.webthatworks.it
