Move GitLab security issue triage project to hide issue counts

Created on 4 June 2025, 3 days ago

Problem/Motivation

I had set up https://git.drupalcode.org/security to be a public group, so that it could contain a public project for security issue triage, that would be the inbox for security issues until all projects have their issues migrated to git.drupalcode.org and can use confidential issues. This led to the unanticipated GitLab behavior making issue counts for milestones public, https://gitlab.com/gitlab-org/gitlab/-/issues/537721. Security advisory planned release dates can change for various reasons, and out of an abundance of caution, we don’t want to publicize the schedule.

Proposed resolution

Make the security group private
Create a new group that will be public
Move the issue triage project into that group
Give the security team access to the project
Update integrations to watch the new location
Update documentation

📌 Task

Status

Active

Version

1.0

Component

Security advisories

Created by

🇺🇸United States drumm NY, US

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @drumm

Comment 3 days ago →

System Message

drumm → committed 63a8b56e on 1.0.x

Issue #3528485: Watch a different group for incoming security issues

Comment 3 days ago →
🇺🇸United States drumm NY, US
This is all done, tested, and I’ve updated https://www.drupal.org/drupal-security-team/security-team-procedures/sec... →

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024