Make the “not covered” security warning more visible on project pages

Are there some tags to use to get a visual review?

I don't know if anyone currently follows these tags, but I added a few.

That said, I think the design actually is looking pretty good and using the new warning style from documentation guides is a good idea.

I wonder if we should use that same style in the lower section where the shield icon is? Or maybe that would look too busy.

What happens for a module that has stable releases for one version of Drupal but not the other?
EDIT: https://www.drupal.org/project/paragraphs is an example, it gets no big warning, hm.

As mentioned to the DA on Twitter as well, this warning is rather hurting our distro project page https://www.drupal.org/project/social

Building this distro took us over a year. The new warning are scary people away from the project now and we can't (nor want) rush towards a 1.x.. (we are now at beta13).
We are fulltime working on this project with 2 teams. The platform is 'stable' although not covered yet.

Since other distros as https://www.drupal.org/project/brainstorm_profile with only a beta1 don't get this scare, we are considering releasing a bs D7 release just to get rid of it. I don't think that is the way we want to go.

I get why we want to push people out of beta, but these changes are making a heavy impact and might people turning away from using, experimenting and contributing to projects in beta. Is that really the way we want to go?

Thanks for your attention!!

Was this reverted after the initial rollout? I'm not seeing this message anymore.

I am also concerned about Tim's comment in #12. Any project that has ever had a full release gets to avoid this message, whereas a project like admin_menu which has NEVER had a full release but is safely installed on over 500k sites gets a big warning.

I feel like a message this glaring will push maintainers to release a 1.0, no matter what state their module is currently in. The Drupal community, especially contrib, has never had a clear standard about what alpha beta and RC mean. Core has finally codified this for its own releases, but contrib is still the wild west.

I know that part of the pushback from the drupal security team on opening up project applications was fear of greatly increasing their workload. I feel like this change will lead to a much larger jump in the number of 1.0 modules they have to deal with than any worries about brand new modules from brand new contributors.

I do not want to discount the Drupal security team and the EXTREMELY hard work they have done so well for years, but I do not want to fall into the trap of overstating the service they provide to the community and setting false expectations for users about the overall security of a module they download.

We are stamping shields and failing to display this dire warning message on thousands of modules that have never been actively reviewed for security issues purely based on those modules age and how long their maintainers have been part of the community.

Can non-1.0 projects opt in to security coverage manually?

Maybe an announcement about the need to check this checkbox can go out to the module maintainers e-mail list?

I feel like the communication behind this rollout has been lacking, we went from the creation of this issue to the rollout in less than a week, when changes like these typically take months or years.