Add Check in Packaging to Prevent Distributions from Including Forks of Core

Created on 4 December 2014, almost 10 years ago
Updated 12 November 2023, 11 months ago

It looks like the failure to update core to > 7.32 will finally be the push needed to unpublish distributions that include forks of core vs. using a .make.

#2153139: Unpublish Distributions with Forks of Core < 7.32

But these should have never been packaged. They violate the "do not branch/fork Drupal modules/themes" clause of the Git Usage Policy. Doing this also circumvents the security warning added for "Should supported releases be shown on downloads table even if it contains insecure modules? If so, how?" (Closed: won't fix).

To prevent this from happening again, it would be great if the packaging could include a check for a fork of Drupal core. Not sure how best to do that. Ideally that code would never get committed, but this check would save time trying to get maintainers to correct this and keep what users are downloading from Drupal.org more secure.

✨ Feature request
Status

Closed: outdated

Component

Packaging

Created by

🇺🇸 United States kreynen

  • Security improvements

    It makes Drupal less vulnerable to abuse or misuse. Note, this is the preferred tag, though the Security tag has a large body of issues tagged to it. Do NOT publicly disclose security vulnerabilities; contact the security team instead. Anyone (whether security team or not) can apply this tag to security improvements that do not directly present a vulnerability e.g. hardening an API to add filtering to reduce a common mistake in contributed modules.
