Ticket #899 (new task)
Managing security after Feb 24th, 2016.
| Reported by: | paul | Owned by: | ade |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | Drupal modules & settings | Keywords: | |
| Cc: | chris, paul, sam | Estimated Number of Hours: | 0.0 |
| Add Hours to Ticket: | 0 | Billable?: | yes |
| Total Hours: | 1.75 |
Description
Hello,
Just did some research to check how we will manage security after Feb 24th, 2016.
A small group of vendors (approved by the security team) will provide patches for core and some of the most commonly used contributed modules, that are used on their client websites. Security patches will be put in the Git repo for the D6LTS project on Drupal.org, and will be announced in the issue queue. We will just need to monitor this issue queue and apply any security patches.
However, these vendors will not be supporting ALL contributed modules. Each of the vendors will be maintaining lists, and providing them to the Drupal Security Team so they know which issues to include them on. With this in mind shall we send a copy of our list of contributed modules to each of the vendor companies and ask them to provide us with a list of our modules that they are currently not supporting? We can then decide how we should support the modules that are not supported by the vendors.
Best, Paul
