[development] No reaction on security mails?

Mori Sugimoto foss at diasporan.net
Thu Jan 14 15:18:41 UTC 2010

Hi Markus,

Thank you very much for your report and sorry we haven't responded to
you. We have received your email and one of the security team members
will respond shortly.

The situation surrounds Drupal has changed significantly in the past
couple of years. With the drastic increase in number of users, as well
as contrib modules, we are receiving more reports than before. After
Drupalcon Paris, we have been trying to establish a new report/issue
handling process and we are becoming more efficient. But we are also
aware that we need to make efforts to further streamline the process so
please bear with us.

Should this happen again, please contact one of the security team
coordinators (me, Mori Sugimoto a.k.a dokumori or Kieran Lai a.k.a amazon).

Thanks again for your report and contribution.



On 14/01/2010 12:33, Markus Kalkbrenner wrote:
> Hi!
> We discovered a critical security issue in Drupal 6 Core and wrote a mail 
> about it to security at drupal.org  more than two weeks ago. (2009-12-27)
> The only reaction so far was an auto response mail from
> security-bounces at drupal.org the next day telling
> "All e-mails sent to us are read by a member of the team and acted upon if 
> necessary."
> Now I'm not sure how to continue. Does it take more than two weeks to read 
> through the mails and I just have to wait or is my message lost?
> Markus
> mkalkbrenner
> http://drupal.org/user/124705

More information about the development mailing list