[development] Security Updates
nan wich
nan_wich at bellsouth.net
Fri Aug 6 18:49:14 UTC 2010
I wouldn't get interested if it was on the dev branch. This is on the official
release, so I guess I'll write it up and send it in.
Nancy
Injustice anywhere is a threat to justice everywhere. -- Dr. Martin L. King, Jr.
________________________________
From: Kieran Lal <kieran at acquia.com>
To: development <development at drupal.org>
Sent: Fri, August 6, 2010 2:35:12 PM
Subject: Re: [development] Security Updates
Hi, one caveat.
The Drupal security team only release security announcements and releases for
certain types of releases. See
Which Releases Get Security Advisory? in
http://drupal.org/security-advisory-policy
So if you are in your development branch and you find a security issue you just
introduced, just go ahead and fix it yourself with a security tag. If you
discover a vulnerability that's in a release type that is covered report it to
the security team.
If anyone else on the security team wants to clarify further go ahead.
Cheers,
Kieran
On Fri, Aug 6, 2010 at 11:10 AM, nan wich <nan_wich at bellsouth.net> wrote:
I've noticed that more and more security advisories are reported by module
maintainers. In the past, if I noticed a security problem, I would fix it and
commit the change without saying anything. It was sort of embarrassing to me to
have an SA filed. However, that didn't mean that users would pick up the fixed
version.
>
>Are maintainers now flagging their own issues as a way to "force" people to
>update to the newest code?
>
>Nancy
--
Get a free, hosted Drupal 7 site: http://www.drupalgardens.com/
415-992-8124
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20100806/c29b8fc1/attachment.html
More information about the development
mailing list