[development] Security Updates

Kieran Lal kieran at acquia.com
Fri Aug 6 18:35:12 UTC 2010


Hi, one caveat.

The Drupal security team only release security announcements and releases
for certain types of releases.  See
Which Releases Get Security Advisory? in
http://drupal.org/security-advisory-policy
So if you are in your development branch and you find a security issue you
just introduced, just go ahead and fix it yourself with a security tag.  If
you discover a vulnerability that's in a release type that is covered report
it to the security team.

If anyone else on the security team wants to clarify further go ahead.

Cheers,
Kieran

On Fri, Aug 6, 2010 at 11:10 AM, nan wich <nan_wich at bellsouth.net> wrote:

> I've noticed that more and more security advisories are reported by module
> maintainers. In the past, if I noticed a security problem, I would fix it
> and commit the change without saying anything. It was sort of embarrassing
> to me to have an SA filed. However, that didn't mean that users would pick
> up the fixed version.
>
> Are maintainers now flagging their own issues as a way to "force" people to
> update to the newest code?
>
>
> *Nancy*
>



-- 
Get a free, hosted Drupal 7 site: http://www.drupalgardens.com
415-992-8124
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20100806/09ee35fd/attachment.html 


More information about the development mailing list