[security] [Security issue] Writing secure code case studies...
Peter Wolanin
2009-07-30 23:42:27 UTC
Permalink
Hi Duncan,

There is a "maintainers newsletter" which already exists and might be
a good place for this. That newsletter has not gotten much love or
content, so perhaps you can join in and help get it out more
regularly?
Here are past issues, and you should be able to subscribe (or are
force-subscribed if you're a module maintainer):
http://drupal.org/forum/118

There is a group for newsletters here:
http://groups.drupal.org/drupal-newsletter

You might also get some volunteers at
http://groups.drupal.org/coding-standards-and-best-practices

-Peter
dbabbage sent a message using the contact form at http://drupal.org/contact.
Hi there,
Have selected "security issue" as this is a suggestion for the security
team—apologies if this means it is escalated inappropriately.
I'm contacting you to suggest the idea of a security newsletter that
presents case studies on how to write secure code. One of the great things
about the Drupal community is that it provides a welcoming entry point for
people new to development like myself. We have been using Drupal a while, we
then write a few patches, we contribute a bit more substantially to a
module, we write a module of our own, we end up porting other modules to a
newer version of Drupal and then ultimately taking over maintaining them
too, we start to submit core patches. (This describes my entry to the
community anyway.) We may have read the "writing secure code" guidelines,
and certainly intend to write secure code, but we may or may not have taken
it *all* in and may unknowingly have sometimes not followed the guidelines.
I subscribe to the security announcements, and I often think I could
probably learn something useful by examining a diff of the fixed vs.
previous versions of the modules that had security issues—but I've never
gotten around to doing it. So I'd like to suggest that an email newsletter
could from time to time present examples of insecure code that was found in
a module, a short explanation of what made it insecure, and sample code with
an explanation of how it was fixed. I think less experienced developers
could learn a lot.
Probably this would need to be a separate subscription to the main security
announcements list, because some people wouldn't want it—but I'd certainly
subscribe.
Cheers,
Duncan
--
[ Security | http://lists.drupal.org/listinfo/security ]
--
Pending work: http://drupal.org/project/issues/documentation/
List archives: http://lists.drupal.org/pipermail/documentation/
n***@bellsouth.net
2009-07-31 01:06:19 UTC
Permalink
Hmm... I didn't know there was a maintainers' newsletter. What is its intended audience? Since I have 20+ modules, it might be a good thing for me.

@Duncan: I understand and appreciate your desire to see examples of unsafe code, but such a thing could seem embarrassing to those who were reported for it. Even on security issues I find on my own modules, I would be embarrassed to have them publicly displayed. (Peter, I bet you can think of a recent example.) Perhaps an aggregate of recent issues, suitably disguised, would work.

--
Nancy E. Wichmann, PMP

Injustice anywhere is a threat to justice everywhere. -- Dr. Martin L. King, Jr.