Possible compliance with Drupal’s Security Advisory Policy

Created on 24 July 2023, almost 2 years ago

Problem/Motivation

Currently the project page on Drupal.org says "This project is not covered by Drupal’s security advisory policy." which demotivates some teams from using the module. Will it be possible to look into it and get this coverage?

Feature request
Status

Active

Version

2.0

Component

Miscellaneous

Created by

🇨🇦Canada jigarius Montréal


Comments & Activities

  • Issue created by @jigarius
  • 🇧🇪Belgium mschudders

    +1 to opt into security coverage.
    You can do this on the project page if the project is "old" enough

  • Status changed to Needs work 5 months ago
  • 🇮🇳India bhojwanipankaj05

    Hi @jigarius and @mschudders,

    Could you please review the code and provide feedback? Additionally, I’d appreciate any guidance on aligning it with Drupal’s Security Advisory Policy.

    Looking forward to your insights.

  • 🇺🇸United States jhuebsch

    According to the Which Projects are Covered? section of the Security advisory process and permissions policy page:

    Project maintainers may opt into security advisory coverage when they meet the requirements:

    • A maintainer with “write to VCS access” has applied to have the "vetted" role, and received it.
    • The project is a full project, not sandbox projects.
    • There are no known security issues, open issues tagged “security” for the project.
    • New projects must wait 10 days before opting in.