- Issue created by @anzelkiel
- 🇮🇹Italy apaderno Brescia, 🇮🇹
Thank you for applying!
Please read Review process for security advisory coverage: What to expect → for more details and Security advisory coverage application checklist → to understand what reviewers look for. Tips for ensuring a smooth review → gives some hints for a smoother review.
The important notes are the following.
- If you have not done it yet, you should enable GitLab CI for the project and fix the PHP_CodeSniffer errors/warnings it reports.
- For the time this application is open, only your commits are allowed.
- The purpose of this application is giving you a new drupal.org role that allows you to opt projects into security advisory coverage, either projects you already created, or projects you will create. The project status will not be changed by this application; once this application is closed, you will be able to change the project status from Not covered to Opt into security advisory coverage. This is possible only 14 days after the project is created.
Keep in mind that once the project is opted into security advisory coverage, only Security Team members may change coverage. - Only the person who created the application will get the permission to opt projects into security advisory coverage. No other person will get the same permission from the same application; that applies also to co-maintainers/maintainers of the project used for the application.
- We only accept an application per user. If you change your mind about the project to use for this application, or it is necessary to use a different project for the application, please update the issue summary with the link to the correct project and the issue title with the project name and the branch to review.
To the reviewers
Please read How to review security advisory coverage applications → , Application workflow → , What to cover in an application review → , and Tools to use for reviews → .
The important notes are the following.
- It is preferable to wait for a project moderator before posting the first comment on newly created applications. Project moderators will do some preliminary checks that are necessary before any change on the project files is suggested.
- Reviewers should show the output of a CLI tool → only once per application.
- It may be best to have the applicant fix things before further review.
For new reviewers, I would also suggest to first read In which way the issue queue for coverage applications is different from other project queues → .
- 🇮🇳India rushiraval
1.1 Remove "core: 8.x" from the .info.yml file
1.2 Fix PHP CS Error
PHPcs error attached in text file.
- 🇮🇳India vishal.kadam Mumbai
1.
main
anddevelop
are wrong names for a branch. Release branch names always end with the literal .x as described in Release branches → . The only exception is for the main branch, which is actually not fully supported on drupal.org and should be avoided.2. FILE: README.md
README.md file should follow the content and formatting described in README.md template → .
3. FILE: a11y.module
/** * @file * Contains a11y.module. */
The usual description for a .module file is Hook implementations for the [module name] module. where [module name] is the module name given in the .info.yml file.
/** * Implements hook_preprocess_HOOK(). */ function a11y_preprocess_a11y_template(&$variables) {
The description for this hook should also say for which hook it is implemented.
4. FILE: src/Form/A11yEditForm.php
/** * {@inheritdoc} */ public function __construct(
FILE: src/Form/A11yForm.php
/** * {@inheritdoc} */ public function __construct(
The documentation comment for constructors is not mandatory anymore, If it is given, the description must be Constructs a new [class name] object. where [class name] includes the class namespace.
- 🇫🇷France anzelkiel
Hello, I have now fixed the indicated errors, and the pipelines for composer-lint, cspell, eslint, phpcs, phpstan, and stylelint are all OK.
I have also addressed the feedback provided in the comments. Everything is available in the 1.1.x branch. Is this good to go now? Should I create a 1.1.0 branch?
Thank you for your feedback and responses!
- 🇮🇳India rushiraval
There is no need to create new branch. commit changes to 1.1.x only.
- 🇮🇳India vishal.kadam Mumbai
Review points 2, 3 and 4 are still pending from Comment #5 📌 [1.0.0] Accessibility tools Needs review .
- 🇮🇳India vishal.kadam Mumbai
Remember to change status, when the project is ready to be reviewed. In this queue, projects are only reviewed when the status is Needs review.
- 🇮🇹Italy apaderno Brescia, 🇮🇹
At the reviewers: Please note what the issue summary says. I re-wrote to make it clearer.
This module takes over the Accessibility toolkit → module to improve it in the near future. It is currently compatible with Drupal 10 and Drupal 11.
The first step is verifying there are significant changes between https://git.drupalcode.org/project/accesstools/-/tree/1.1.x?ref_type=heads and https://git.drupalcode.org/project/a11y/-/tree/2.x?ref_type=heads. The presence of the a11y directory is not significative, as it contains duplicate files.
- 🇮🇳India vishal.kadam Mumbai
Rest looks fine to me.
Let’s wait for a Code Review Administrator to take a look and if everything goes fine, you will get the role.
- 🇫🇷France anzelkiel
compatibility with Drupal 10 and 11. I will add more accessibility features later on.
I should delete the a11y directory if I understand correctly? - 🇮🇹Italy apaderno Brescia, 🇮🇹
@anzelkiel Wait for a reviewer to report any change that should be done. It could also be the response is not Change these lines in these files.
- 🇮🇹Italy apaderno Brescia, 🇮🇹
@anzelkiel I would suggest that, if you think to add new features, this is the perfect time for doing it. The more code you write, more changes will the application get to be approved.
- 🇫🇷France anzelkiel
Hello, I was planning to work on the development this month and next month. With my job, I’m doing this in my free time, which is unfortunately quite limited. Should we wait before approving the application, or can the changes be made later on?
- 🇮🇹Italy apaderno Brescia, 🇮🇹
Thank you for your contribution and for your patience with the review process!
I am going to update your account so you can opt into security advisory coverage any project you create, including the projects you already created.
These are some recommended readings to help you with maintainership:
- Dries → ' post on Responsible maintainers
- Maintainership →
- Git version control system →
- Issue procedures and etiquette →
- Maintaining and responding to issues for a project →
- Release naming conventions → .
You can find more contributors chatting on Slack → or IRC → in #drupal-contribute. So, come hang out and stay involved → !
Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review → . I encourage you to learn more about that process and join the group of reviewers.I thank the dedicated reviewers as well.
- Assigned to apaderno
- Status changed to Fixed
18 days ago 6:05pm 8 April 2025 - 🇺🇸United States cmlara
I usually do not like to object in this queue as it is used to provide access to the security opt in feature which should be a common feature of all projects on D.O.
I am flagging as a questionable approval for future tracking purposes.
As noted in #17 the module is essentially an exact duplicate of an existing module.
Looking at the number of approvals in the queue today (19 approvals in 2 hours) I am concerned that the queue maintainers may have rushed through the process after the queue was allowed to develop a sizeable backlog.
I am uploading a diff between the two modules for posterity.
The majority of the changes are:
- Twig changes of image sources from
/modules/contrib/a11y/...
to/modules/contrib/accesstools/...
(itself likely being wrong since it presumes the module will be installed at the root of the server and under modules/contrib) - PHPCS Changes
- Additional lines in hook_help()
- A couple of variants of using the logger to record errors.
- Twig changes of image sources from
- 🇮🇹Italy apaderno Brescia, 🇮🇹
(Just to open a parenthesis…)
19 approvals in 2 hours
No, there have not been 19 approvals in two hours. There have been 19 issues whose status was Fixed which have been edited. (See 📌 [1.0.x] Twig casings Active , 📌 [1.x] Decorative Images Needs review , 📌 [1.0.x] Field Visibility Conditions Needs review , 📌 1.x Mattermost Logger Needs review . March 27, 2025 is not exactly in the "two hours" range.)
See also comment #17 📌 [1.0.0] Accessibility tools Needs review , to which none of the reviewers replied. It is not that an application is hold on because no reviewer has been able to make a correct review.
- 🇺🇸United States cmlara
No, there have not been 19 approvals in two hours. There have been 19 issues whose status was Fixed which have been edited.
Fair, point.
I had performed a random spot audit on the list and all the ones sampled appeared to be NR->RTBC->Fixed in that window.
I have gone through the list and there may have been a 5th that was already resolved prior to yesterday.. Additionally while reviewing I did notice (however did not account for time on every single issue) that one of those may have been reviewed several hours prior as well before being marked fixed in that ~2 hour window.
See also comment #17, to which none of the reviewers replied. It is not that an application is hold on because no reviewer has been able to make a correct review.
I am a bit confused as to what is being said here. Can you clarify for me?
I'm not sure if you are saying saying that it is policy that an applications will be automatically approved if its sits for an extended period of time without review, or if you were saying that applications should be held until they are thoroughly reviewed.
- 🇮🇹Italy apaderno Brescia, 🇮🇹
The comments were closed for exactly this reason.
This issue has been created from a person to get the permission to opt projects into security advisory coverage. Any discussion on the number of approved applications does not belong to a single approved application, especially when false claims are done. Automatically closed - issue fixed for 2 weeks with no activity.