Dag Wieers wrote:
> At least there is a process of reporting out-of-core security problems.
I dont see how that is relevant, CVE's are open to anyone to report
against / for ? so whats your point ?
> Why should the Drupal team be responsible of code they clearly do no
> support ? Go and talk to the module's developers to see what processes
> they have before you use it.
Sure, that should be something that whoever decided to test and look
after drupal ( should we select it ) should do, if the built in core
modules are unable to handle the issues we need it to.
--
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, #centos at irc.freenode.net