This repository has been archived by the owner on Nov 16, 2018. It is now read-only.

Drupal's Security Model #71

Open
mgifford opened this issue Mar 8, 2018 · 2 comments

mgifford commented Mar 8, 2018

When Reservoir & the Reservoir distribution of Drupal 8 get security updates, how will I be informed?

Usually this has been done through Drupal.org so all users get notified & can keep track. I couldn't find a d.o project for this.

Could be that there are additional tools I'm not familiar with, but would make sense to post something on drupal.org/project/reservoir I think. Like many projects, it is fine to use GitHub for engaging with other developers and getting access to their tool-set. But there should be releases up on d.o still I think.


tedbow commented Mar 27, 2018

I know there was a problem with Drupal.org and our composer workflow that stopped us from making releases on Drupal.org.

I think this is a general problem for Distros on Drupal.org that want to use composer.
For instance, https://www.drupal.org/project/contentacms doesn't actually have releases.

I think Lightning has to jump through some hoops to get their release to work.

I think another problem with having tar file releases on Drupal.org is that it gives the impression that users should actually use them, which I don't think we would recommend because it makes the composer workflow much more difficult. But I am not speaking from experience on this.

@mgifford

Thanks for the good response here @tedbow. Seems the community is in a bit of a tight spot until we find a better model to deal with composer & security.
