- Issue created by @apotek
- 🇮🇹Italy apaderno Brescia, 🇮🇹
Since this project is covered by the security advisory policy, site moderators will not add as maintainers/co-maintainers people who cannot opt projects into security advisory policy. Moving this issue to the Drupal.org project ownership queue will have the get this offer back to this queue.
- 🇺🇸United States apotek
Thank you @apaderno. That is clarifying. But I am mystified by this statement:
> Moving this issue to the Drupal.org project ownership queue will have the get this offer back to this queue.
Can you help me to understand what I need to do next? Thank you.
- 🇺🇸United States markdorison
@apaderno I can vouch for @apotek's qualifications to receive the "opt projects into security advisory" permission. We have collaborated on Drupal code for many years. A recent example would be the Orange DAM → module where he has written a substantial amount of code.
We don't currently have a new project to submit for security advisory coverage → since I opted Orange DAM in myself. If this is not sufficient, please advise the best way to proceed.
- 🇮🇹Italy apaderno Brescia, 🇮🇹
I apologize I was not clear: If this issue is moved to the Drupal.org project ownership queue, it gets moved back to the project issue.
The only way to get the vetted role is applying to get it. I cannot change how the role is given. The decision to require a code review has been taken 15 years ago. It just changed what accounts with the new role can do respects account without the new role. (The difference also got reduced in the last years.)
- 🇮🇹Italy apaderno Brescia, 🇮🇹
Furthermore, since this project integrates services provided by a third-party (for which some of the maintainers work) with Drupal, it is even more important for site moderators / project moderators to appoint maintainers who are able to opt projects into security advisory policy.
- 🇺🇸United States apotek
The only way to get the vetted role is applying to get it. I cannot change how the role is given. The decision to require a code review has been taken 15 years ago. It just changed what accounts with the new role can do respects account without the new role. (The difference also got reduced in the last years.)
Thank you for the very helpful explanation @apaderno. While I am disappointed I can't contribute by helping to get some of these years-long-open issues dealt with, I understand the reasoning.
https://www.drupal.org/docs/develop/managing-a-drupalorg-theme-module-or... →
https://www.drupal.org/docs/develop/managing-a-drupalorg-theme-module-or... →
Reading through the documentation, it seems like I will have to contribute a new module in order to be able to apply for the "opt projects into security advisory" role. Is that truly the case? I ask because it seems Drupal.org would benefit more from improving already built modules rather than encouraging developers to create new projects in order to be able to contribute elsewhere. That said, I can certainly cook up a module :) Please let me know if I am misunderstanding the process. Thank you again for your help.
- 🇮🇹Italy apaderno Brescia, 🇮🇹
It does not need to be a new project. It could also be an old project, as long as there is a branch where most of the commits (and preferably all the commits) have been done by you. It does not even matter the project has been already opted into security advisory policy.
- 🇺🇸United States markdorison
It does not even matter the project has been already opted into security advisory policy.
This was not clear to me. Thank you for clarifying!
- 🇺🇸United States apotek
I have started the application process → . Thanks everyone.
- Status changed to Closed: won't fix
4 months ago 4:21pm 13 February 2024 Hi all,
I apologize for not solving osme of the issues earlier. We had resourcing issues but I am working on getting those address. I will close this issue for the time being and reopen it if we are not able to solve it.