Contrib.social

Improve clarity of the reporting security issues warning

Open on Drupal.org →
Created on 16 October 2014, about 10 years ago
Updated 15 November 2024, about 1 month ago

For issues on projects that have opted into security advisory coverage, and have full releases:

  • Add a special “Security” value to either the category or component field.
  • If that value is selected, do not allow the form to validate. Make it clear that security.drupal.org is the place to report security issues [for covered projects]. Maybe also mention that you can use tags for security hardening, SA followups, etc. Needs copy.

Original issue summary

When you create an issue there is a short message warning not to use this to report security issues. Currently it is green with a tick:

I suggest it changes to the red/warning so as to stand out and be clearer that this is a problem not something good.

Also in light of recent events perhaps the text could be extended to say something on the lines of "SECURITY ISSUES: Please follow these guidelines if you feel any part of your issue could affect the wider security of Drupal" or something better than my late night thoughts :D

Feature request
Status

Closed: outdated

Version

3.0

Component

User interface

Created by

mbkaba22

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment about 1 month ago
    🇺🇸United States drumm NY, US

    With issues moving to GitLab, there are not standard components or the ability to add custom validation. GitLab does have confidential issues built in.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024