For a long time the security team documentation has grown in fits and starts inside of security.drupal.org with a somewhat challenging organization. About 9 months ago I started a process to archive unnecessary/outdated items, consolidate the good stuff, and organize it into a single google document for editing to allow people outside the team to help. Since then, several people helped out and in the last week (starting at Drupalcon Munich) Ben Jeavons and I moved it all to public book pages on Drupal.org. You can now find the previously private content inside:
- The main security team page
- A Security Team procedures book section
- Joining the security team on s.d.o
Our hope is that people who are not on the team will help to consolidate this information further, re-write confusing sections. Overall the biggest problem seems to be inconsistencies, duplicate and redundant information. Our focus should be on reducing word-count (without sacrificing content/clarity) and rewriting for readability wherever possible. We want a friendly tone that focuses on the security team supporting project maintainers.
I would like to thank several people who helped at various stages in the process of moving it public:
* David Rothstein, Stephane Corlosquet, Jakub Suchy, Heine Deelstra, Mori Sugimoto and many others who helped write the original documentation
* Angela Byron, Forest Monsen, Stephane Corlosquet, Ben Jeavons, Chris Hales - members of the security team who edited or commented on the doc to make it better
* Kathleen (kktaus), Craig Norris, galooph, melissavdh - members of the broader Drupal community who edited or commented to make it better
Thanks to everyone who has provided documentation of the team and our processes. And, again, I encourage anyone to help edit the public docs for consistency, clarity and brevity!