Drupal 8 security and me

Submitted by nk on Tue, 2014-05-20 21:11

Summary: if you are working on a core patch which smells like it might be security-related, please let me know and I will review it.

Meanwhile, I am working on switching Twig autoescape on -- it is now declared a beta blocker. Help is warmly appreciated; please contact me.

Long story short, as I have tried to vacate the core queue (and mostly succeeded), I found myself in a trap: while I can overlook what I perceive as architecture shortfalls in Drupal 8, as long as I remain within the Drupal ecosystem I can't in good conscience overlook the security holes, and I can't leave the Drupal ecosystem without seriously compromising my fiscal situation. So I am doing what I can to make sure Drupal 8 is secure and completely leave performance, developer experience and such problems to others. I am also trying to help a little with documentation as long as it's not controversial, and documentation rarely is.
