- Issue created by @catch
- πΊπΈUnited States benjifisher Boston area
I am linking to some issues that seem to be related.
Drupal CMS includes some modules that aren't on stable releases yet.
There was a discussion in slack around whether the security team should extend coverage to those modules because they're in a stable release of Drupal CMS - either as a permanent measure, or a temporary one until π Alpha stability flag in composer.json allows project_browser to download any alpha stabiility module Active is resolved and everything is on stable releases.
If the security team policy is going to change, it should probably be documented (and there might need to be changes on d.o). That would normally be a security working group issue but seemed easier to discuss it in this project.
If there's no change, then this might also need to be documented - e.g. security support is unchanged regardless of how the module gets installed.
This is really a security team policy issue, but because it's specific to Drupal CMS, it seemed easier to post it here for visibility, and if nothing changes, the documentation may end up on the CMS side rather than the security team side.
Active
General
I am linking to some issues that seem to be related.