Summary: if you are working on a core patch which smells like it might be security related please let me know and I will review.
Meanwhile, I am working on switching twig autoescape on -- it is now declared a beta blocker. Help is warmly appreciated, please contact me.
Long story short, as I have tried (and mostly succeeded) in vacating the core queue I found myself in a trap: while I can overlook what I perceive as architecture shortfalls in Drupal 8, as long as I remain within the Drupal ecosystem I can't in a good conscience overlook the security holes and I can't leave the Drupal ecosystem without seriously compromising my fiscal situation. So I am doing what I can to make sure Drupal 8 is secure and completely leave performance, developer experience and such problems to others. I am also trying to help a little with documentation as long as it's not controversial and documentation rarely is.
Commenting on this Story is closed.