- 🇺🇸United States jsutta United States
I'd like to take over as a maintainer for this module. I'm currently working on a Drupal 10 site that will use it, and it'd be advantageous if this module were supported and covered by the Drupal security advisory policy.
I have not previously received security coverage opt-in permission, but am happy to go through the process to receive it.
- 🇮🇹Italy apaderno Brescia, 🇮🇹
Since the project is covered by security advisory policy, site moderators do not add as co-maintainers/maintainers people who cannot opt projects into security advisory coverage.
I am moving this issue back to the project queue, to allow somebody who can opt projects into security advisory coverage pick up the project.
- 🇺🇸United States jsutta United States
@apaderno I just read the FAQ on applying for permission to opt in to security coverage → and I understand I can't do so since I didn't contribute most (in this case, any) of the code).
Given that, can we remove the module from coverage by the security advisory policy? My thought is that once I take over, my first task will be to release a Drupal 10-compatible, coding standards-compliant version. This would likely entail a big change to the code, which I can use to opt the module back in to coverage.
- 🇮🇹Italy apaderno Brescia, 🇮🇹
Projects cannot be taken off from security advisory coverage; once opted in, they cannot opt out.
- 🇺🇸United States jsutta United States
Highly unfortunate.
So given that, the only option for this module is to wait for someone with the proper permission to request to take over as maintainer? What if no one ever does?
It seems like my only other option would be to copy the code from this module, start a new module, and go from there. My goal is to avoid creating a copy of the module in my project because, while it would remove the "Unsupported module" error from my site's security report, it wouldn't benefit the community, which is always one of the aims of using a project like Drupal.
Do you have any thoughts or suggestions on a path forward?
- 🇺🇸United States jsutta United States
@apaderno Could I offer to co-maintain the module? Not sure if that would have the same requirements but thought I'd ask.
- 🇮🇹Italy apaderno Brescia, 🇮🇹
Offers to be maintainer or co-maintainer have the same requirements: Project moderators and site moderators do not add as co-maintainer/maintainer a person who cannot opt projects into security advisory policy. That holds true for automatic issues or manually-created issues.
I'd love to see this actively maintained. @jsutta, it looks like if the project owner (@netw3rker) approves it you could take over (from How to become project owner, maintainer, or co-maintainer → ):
When the project is covered by Drupal's security advisory policy, you need to have permission to opt into security advisory coverage, or the offer must be approved by the project's owner.
He doesn't seem to be recently active here, but I could try contacting him through another channel if you like?
- 🇺🇸United States goose2000
I would like this SSO solution to continue too, used it for a long time. I have been able to get a CAS server solution going but this has always been lighter weight for Moodle.
I can install and test...
- 🇺🇸United States jsutta United States
@gaddman That would be fantastic! We're currently maintaining a custom version of the module, which is working very well in a Drupal 10/Moodle 4.1 site. I'd love to share this with the community.
- 🇺🇸United States netw3rker
@jsutta Thanks for stepping up! @gaddman reached out on slack and let me know this was in the queue (not sure why I wasn't notified... well I guess I do, life and 10k unread messages in my inbox :) )
I granted you full access to the module here. I'm kinda bummed that my long-time user @goose2000 didn't want in the action too though! You'll also need to be blessed on the cannod/drupal_sso repo on the moodle project space. I'm so far out of date on that that i'm not sure where to begin. But i'll see what I can do there.
Glad to see this code is finding life again!
- 🇺🇸United States jsutta United States
@netw3rker I could have sworn I answered you back but I don't see my answer in the thread. Ah well, I must not have hit the Save button or something. With all that said, please forgive me for taking so long to respond to you!
Thank you so much for allowing me to take the reins! I've been bogged down by work but am setting up a new branch to incorporate our custom work. I just need to check the issue queue to make sure I don't step on anyone who's contributed potential solutions too.
- Assigned to jsutta
- Status changed to Fixed
5 months ago 7:45pm 12 June 2024 Automatically closed - issue fixed for 2 weeks with no activity.