Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Phase 1 of #2666584: [Community Initiative Proposal] Project Applications Process Revamp involves decoupling the security team process from the creation of full projects and releases by making it an opt-in process.
This issue is for creating a security team advisory coverage field - which will indicate whether a project has opted into the process.
Implementation details:
Phase 1:
- Add a "security team advisory coverage" field to projects to indicate whether or not they're opted into the process
- Mass update all existing full projects with stable releases to indicate they are 'covere'd ^^ in the new field
- Projects that are not covered should display a warning
- Create a D8 core patch to indicate that opt-in to coverage status in the update status information
- Backport patch to D7
Phase 2: Set up the opt-in process
- Allow security team members to update the security advisory coverage field on projects
- Rename the current 'git vetted' role to something like 'May opt-in to security advisory coverage' <- security team can set up their opt in process to receive that
- This is an evolution of what was originally planned in: #2035235: Add a permission for creating stable releases, and grant to “git vetted” users
- Allow node owners of projects with the 'May opt-in...' role to update the advisory coverage field to opt-in.
Comments
Comment #2
hestenetComment #3
hestenet