[development] Certify Drupal for use in Government (US) Projects
Michael Prasuhn
mike at mikeyp.net
Wed Oct 1 08:06:04 UTC 2008
http://drupal.org/security-team#report-issue
It's on the top of every "Submit Issue" page on drupal.org.
Any code that is in an official release of Drupal is 100% open.
Nothing in the GPL prevents the bug fixes *prior* to release from
being performed in a non-public manner.
-Mike
On Oct 1, 2008, at 12:40 AM, Drupal Developer wrote:
> Wow, I would like everybody to notice something right here.
>
> In the message I reply to, Matt Farina said:
>
> "The security team handles things in a tight way. When something is
> reported it's not opened up to the world. If the issue is valid it's
> handled behind closed doors until a fix and advisory is sent out." /
> end of citation/
>
> I thought that Drupal is an open community of open source developers
> working under GPL license.
> Does it mean that ALL issues have to be openly reported to the whole
> community for everybody to review?
> Don't you all think that handling security issues behind closed
> doors until a fix and advisory are sent out sounds more like a
> corporate way of thinking on a way to develop something proprietary?
>
> I'm very concerned about that and invite everybody to collaborate on
> this one.
>
> Does Matt represent the real situation on this matter in the Drupal
> development community?
> If not, then I'm sure that many people would like to know exactly
> what the process is for handling security issues from the moment
> they have been reported?
__________________
Michael Prasuhn
mike at mikeyp.net
http://mikeyp.net