Code review for security advisory coverage applications


This group's purpose is to discuss, document, and rally around the code review process for new contributors as well as code reviews for existing modules (outside of the security team), and to help people become (better) code reviewers.

This is not a place to ask someone to review your application.

kscheirer's picture

Too much code?

This project application https://www.drupal.org/node/2267557 is a good example of a large project. I would say this is a good candidate for a single project promotion, but it would still have to go through some security checks. The volume of code is quite large though - it seems unfair to ask klausi or others to review all of that.

So the question I'm raising is, what do we want to do when there's a very large project being submitted? They are unlikely to get proper reviews. Even if they do get one, it's unlikely that they will receive enough to make it to RTBC.


Reviews and Mentoring for joachim

davidhernandez's picture

Virtual code review sprint, January 17-18, during Drupal Global sprint Weekend

Start: 2015-01-17 (All day) - 2015-01-18 (All day) America/New_York
Event type: Sprint

See https://groups.drupal.org/node/454073

We are holding a virtual sprint during the Drupal Global Sprint weekend, January 17-18. See https://groups.drupal.org/node/447258

The goal of this sprint is to work on project application reviews, particularly helping the Git admins reduce the current RTBC backlog.

Please sign up if you are interested in participating. Collaboration for the sprint will happen in the #drupal-codereview IRC channel.

davidhernandez's picture

Sprinting on January 17-18, and pending policy changes

Hello Everyone,

I talked with a few Git admins about organizing an application review sprint to occur during the Drupal Global Sprint Weekend (https://groups.drupal.org/node/447258). This would be a virtual sprint, so all locations are welcome. The main purpose of the sprint would be to help reduce the RTBC backlog.

We would need Git admins on-hand to approve users, and any non-admin volunteers to help however they can. Of course, I don't consider the exact details up to me. We'll need a person or two to help organize/spearhead efforts.


Reviews and mentoring for AjitS

This wiki page is created to keep track of AjitS's manual reviews of projects in the project application queue. As a reviewer I hope to get more advice from more experienced reviewers. Please use the comment field to add your advice, corrections, and observations.

Reviews list

Full project promote list


  • [D7] Wunderground weather
  • [D7] Menu Item Limit

    Reviews and Mentoring for fusionx1

    This wiki page is created to keep track of fusionx1's manual reviews of projects in the project application queue. As a reviewer I hope to get some advice from more experienced reviewers. Please use the comment field to add your advice, corrections, and observations.

    mpdonadio's picture

    Proposal to make all core maintainers git vetted users

    Part of the project application review process is to ensure that users have a good grasp of Drupal concepts before we allow them to promote sandbox projects to full projects.

    There are a handful of core maintainers that are not git vetted users.

    I propose the following:

    We audit the MAINTAINERS.txt file for Drupal 7 and Drupal 8 and promote everyone who is a

    • Branch maintainer
    • Component maintainer
    • Module maintainer
    • Theme maintainer
    • Core mentoring lead
    • Initiative owner
    • Topic coordinator
    klausi's picture

    Handling security issues after promoting users

    If we have promoted a user with the git vetted user role and find security issues in their code afterwards, we should not remove the git vetted user role. This can always happen and we have a process to deal with security issues.

    If the project has no stable release yet, please report the problem as a critical issue in the public queue.

    If the project already has a stable release, please report the problem with the "Report a security vulnerability" link on the project page. That will create a private issue on security.drupal.org where the coordination with the security team happens.

    naveenvalecha's picture

    Plan for reducing the load of duplication projects

    Problem/Motivation

    Reduce the duplication projects: While reviewing the project applications, the duplication of the projects is a bit time consuming, and we have to find the projects first and then request the user to mention the difference between their sandbox project and the existing drupal.org projects. This process is taking too much time and will take git administrators & reviewers to follow up the application again & again.


    Reviews and Mentoring for naveenvalecha

    This wiki page is created to keep track of naveenvalecha's manual reviews of projects in the project application queue. As a reviewer I hope to get more advice from more experienced reviewers. Please use the comment field to add your advice, corrections, and observations.


    Reviews and Mentoring for gaurav.pahuja

    This wiki page is created to keep track of gaurav.pahuja's manual reviews of projects in the project application queue. As a reviewer I hope to get some advice from more experienced reviewers. Please use the comment field to add your advice, corrections, and observations.


    Reviews and Mentoring for pgautam

    pgautam's reviews for various project application reviews. This is a part of mentoring to become a code review administrator eventually. Please provide valuable advice through comments.

    [D7] SN Quick Field Module
    https://www.drupal.org/node/2070535#comment-7778641

    [D7] Turbo SMS
    https://www.drupal.org/node/2084559#comment-7844349

    [D7] PM User Image
    https://www.drupal.org/node/2079961#comment-7824749

    [D7] Meetup Login
    https://www.drupal.org/node/2086333#comment-7849041


    Reviews and Mentoring for lokapujya

    Reviews and Mentoring for gwprod

    Reviews and Mentoring for er.pushpinderrana

    This wiki page is created to keep track of er.pushpinderrana's manual reviews of projects in the project application queue. As a reviewer I hope to get some advice from more experienced reviewers. Please use the comment field to add your advice, corrections, and observations.

    Reviews List:

    Full Project Promote Issues:

    heddn's picture

    Let's commend ourselves for a good job!

    As of this morning, there are only 80 issues in needs review and 70 marked as RTBC. Of those in RTBC, none of them are older than three months. Of those in the needs review status, only one has a creation date of over a year. (There are many reasons that go into why project applications take a long time, which include volunteer reviewer availability and responsiveness of the person applying.)

    gisle's picture

    Change documentation guidelines to accept README.md along with README.txt

    So far in my reviews, I have not objected to applicants having a README.md instead of README.txt. This is mainly because it does the job just as well, and it also looks like README.md may one day be supported by drupal.org infrastructure (see: Allow README.md to optionally render a project page).

    However, the Module documentation guidelines say

    All modules should provide a README.txt file.

    There is no mention of README.md at all.

    gisle's picture

    Fix the documentation of procedure to set up an empty sandbox

    Edit: This has been fixed now.

    After having browsed through a number of review threads I noticed that very many of them received the following comment:
