►
From YouTube: Backdrop Weekly - Feb 18
Description
Today’s development agenda: http://bit.ly/2XuFBpO
A
All
right
we're
on
air,
it's
Thursday,
February
28th,
and
this
is
meaning
to
check
in
on
active
development
test
the
backdrop
CMS.
So
before
we
get
into
new
items,
there
is
an
update
from
the
PMC.
This
week
we
had
a
vote
on
policy
for
security
releases
and
it
looks
like
everyone
who
has
voted
has
agreed,
and
we
have.
A
majority
of
the
vote
is
fast
that
we
will
maintain
releases
for
the
last
two
versions
with
backdrop
to
minor
versions.
A
But
right
now,
because
we
have
a
limited
number
of
four
maintainer
and
we
have
a
limited
number
of
users
and
everyone
seems
to
be
saying
relatively
up-to-date.
We
think
that
those
two
minor
versions
back
is
put
enough
first
step.
So
next
steps
on
this
policy
are
to
update
our
security
page
and
find
other
places
where
people
might
be
looking
for
this
information
and
make
sure
that
is
prominently
listed.
A
A
A
Yeah
that
counts
all
right.
So
moving
on
to
our
website
spectrum
semester,
org,
the
only
issue
here
I
have
highlighted
is
the
need
to
update
the
security
page
with
a
bunch
of
other
stuff
that
we
need
to
figure
out
for
our
backups
in
a
storage
site.
We
talked
about
it
in
detail
in
the
design
and
user
experience
meeting
last
hour.
So
if
you're
innocent
watching
that
you
can
but
nothing
new
there
we're
on
site
we've
been
having
a
flurry
of
new
people
who
are
interesting
joining
the
forum,
which
is
fantastic,
I.
A
Think
because
Drupal
sent
an
email
out
earlier
this
week,
announcing
the
Drupal
7
end-of-life
date
and
so
I
think
it's
been
a
little
bit
of
a
motivator
for
everybody
to
figure
out
what
they're
gonna
do
next
I'm
really
happy
that
they
found
backdrop
and
that
they're
trying
to
participate
in
the
forum,
but
it
would
be
really
good
if
we
could
turn
off
moderation
and
let
people
just
create
their
own
accounts.
Unfortunately,
we've
been
having
a
ton
of
spam
accounts
that
create
accounts,
and
then
post
spam
content,
and
so
right
now
we've
got
it
set
up.
A
So
moderation
is
on
our
current
workaround
tells
them
to
email
info,
effective
CMS
if
they
would
like
to
get
their
account
unblocked
and
we've
had
a
handful
people
do
that,
but
I
would
imagine
they're,
probably
a
bunch
of
people
who
just
decide
to
give
up
at
that
point,
and
it
will
be
great
if
we
could
get
our
spam
drop.
I'm
sorry
go
so
I
had
set
up
the
Akismet
module
on
vector,
FCMs
org
and
they
have
special
I.
Think
there's
like
a
special
non-profit
deal.
You
can
get.
A
You
still
have
to
pay,
but
you
pay
less
and
you
get
an
unlimited
number
of
domains
and
so
I
think
that
if
we
started
paying
for
that
surface,
we
could
add
our
other
sites,
like
the
forum's
like
the
API
site,
whatever
other
sites
we
may
need
in
the
future
in
order
to
get
that
spam
issue
under
control,
however,
need
knows
a
little
something
about
spam
and
he
might
have
other
thoughts
on
how
we
can
help
mitigate
this
problem.
Right
now,
our
site
is
currently
running.
Honeypot,
ants,
I
bought
and
capture
an
asana.
B
And
we
also,
we
stopped
using
for
forum
the
status
of
like
requiring
someone
to
approve
new
users,
which
is
posing
a
problem,
though,
like
at
least
we
need
to
have
a
dedicated
group
of
people
that
react
if
this
some
way
that
we
can
send
notifications
out
like
email
notifications
that
there's
new
sort
of
like
pending
applications,
I
thought
that
maybe
we
can
do
something
with
the
rules
module
though
I've
not
tested.
Anything.
A
set
and
I
volunteer
myself
to
be
one
of
the
people
that
are
they'll,
be
reacting
to
those.
C
D
C
And
then
well,
first,
first
I
guess
we
need
to
identify
the
kind
of
spam.
Like
hasn't,
been
clear
to
me
at
least
whether
or
not
it's
humans,
human
spam
or
robot
spam.
You
know
like
it
or
if
a
human
is
doing
the
initial
setup
and
then
telling
the
robot.
You
know
here's
my
credentials,
you
know
go
at
it.
You
know
so
I
think
establishing
the
kind
of
spam
that
we're
getting
it
would
be
like
that's
necessary.
Initially,
Akismet
will
only
work.
It
won't
really
work
well
for
new
applications.
C
A
C
Because,
because
my
understand
kismet
is
that
it
was
primarily
made
for
approving
comments
posted
to
WordPress
blogs,
and
so
it
was
text
analysis
of
the
comments
that
was
posted,
so
it
it
might
be
good
at
stopping
spam
after
the
person
has
created
an
account,
but
at
that
point
they're
already
making
a
whole
bunch
of
spam,
probably
throughout
the
site.
It
also
means
that
everybody
would
be
subject
to
Akismet
parsing
their
posts
every
single
time
which
might
be
okay.
You
know
so
anyway.
C
A
We
have
a
nun
background,
sanest
org,
you
can
sort
of
tell
I
just
don't
think,
there's
the
same
demand
for
a
council
on
backdrops
and
mr.
Berg
is
on
the
forum
like.
If
you
are
a
spammer.
Your
opportunity
to
stay
on
the
forum
is
much
better
than
doctor
of
CMS
org.
So
I
think
that,
like
the
forum
is
likely
to
be
a
target,
we're
back
Terps,
you
missed
or
isn't
so
I'm,
not
really
sure
that
they
like
having
it
is
not
there.
A
On
one
site
we're
supposed
to
be
paying
for
it,
I
told
them.
We
would
pay
for
it
and
ask
them
for
a
non-profit
account,
and
they
said
yes
and
if
you're
not
happy,
County
also
get
unlimited
domains.
Now
so
glad
that's
great,
but
then
we're
not.
We
haven't
paid
them
for
it.
So
I
think
if
it's
not
like,
if
we
don't
think
we
should
use
it,
I
should
probably
stop
and
turn
off
on
factor
to
network
so
that
we're
not
using
it
without
paying
for
good,
but
I
didn't.
D
A
Said
that
was
fine
to
test
it
and
see
if
it
work,
so
what
we
could
do,
here's
an
idea
turn
it
off
on
micropenis
at
oregon,
turn
on
on
the
forum
and
see
if
it
helps.
If
it
helps,
then
we
start
paying
for
it.
If
it
doesn't
help
them,
we
turn
off
everywhere,
all
right
Jeff's,
not
just
that's
thump,
that's
good
enough
me.
C
D
D
A
My
heart
change
as
soon
as
possible.
I
think
that's
just
showing
people
that
we
have
a
language
server
I
think
is
gonna,
be
a
huge
benefit,
even
if
there
aren't
all
the
languages
there
you're
the
one
they're
looking
for,
isn't
there
yet
and
if
they
know
it's
there
and
they
see
that
it's
missing.
That
might
also
be
a
spur
to
get
them
to
contribute
or
volunteer
to
maintain
a
language.
So
I
think
that
I
think
that
would
be
as
soon
as
you're
comfortable
with
it
I'd
be
happy
to
switch
I.
Think,
okay,.
D
A
Maybe
so
you
have
a
point:
yes,
as
soon
as
the
automatic
generation
of
no
child
is
working,
I
think
that
might.
D
D
E
I
have
a
script
that
will
grab
the
latest
backdrop
and
run
the
trash
products
and
get
the
release
files,
and
then
it
will
create
a
translation
release
on
the
translation.
Server
I
need
to
extend
that
so
that
it
when
it
creates
the
release
to
also
populate
the
file
field.
That
takes
the
PIO
files
that
are
generated
from
other
stuff.
E
So
that's
where
I'm
at
with
that
and
then
once
that's
done.
I
need
to
have
that
run
on
the
server
system,
cron,
which
I'll
probably
have
to
make
cooperate
with
Justin
to
get
that
part
hooked
up,
but
once
I
have
the
stuff
I'll
tell
them
what
I
need
to
be
hooked
up,
and
he
can
probably
do
that
pretty
easily.
D
E
Yeah,
it's
just
about
this
I
think
that's
a
great
idea,
I,
just
depending
on
what
kind
of
free
time
I
can
come
up
with.
I
did
the
initial
push
I
think
maybe
two
weekends
ago
and
I
haven't
been
back
to
it
since
this
coming
week,
I
have
my
company
co-working
week,
so
I'm,
probably
not
gonna,
have
much
time
at
all,
but
maybe
the
week
after
that,
I
could
get
to
it.
E
D
D
C
Yeah
I
actually
think
obtain
the
link
and
cor
we
should
do
like.
We
should
do
that
right
away.
It's
it's
so
weird
that
we
link
over.
Did
your
blood
work
like
it's
one
of
the
last
drupal.org
links
that
we
have
in
the
entire
application
it
first
page
you
see
in
all
of
backdrop,
links
to
drupal.org.
It's
not.
C
We
could
write
out
any
kind
of
stub
page
on
Makarov
CMS,
don't
work
that
it's
just
like
how
to
install
in
multiple
languages
and
just
be
frank
about
it.
You
know
like
we're
currently
working
on
this.
You
know
here's
where
it
is
and
explain
the
current
status
of
things,
even
if
it's
not
complete,
I
knew
that
as
soon
as
possible
and
then
as
the
process
changes.
Well,
we
just
continue
updating
that
page.
You
know
so
yeah
we
should
yeah.
That's
all
I
can
say
I'm,
okay,.
A
D
A
C
I'll
just
say
that
we
reviewed
all
of
the
items
for
this
week,
mostly
theirs,
well
pretty
much
in
all
cases
of
our
normal
highlighted
things
that
hasn't
been
any
activity,
but
the
exception
of
some
more
RTL
issues
and
more
RTL
for
requests
have
been
created
and
filed,
which
is
fantastic
but
other
than
that.
So
all
the
items
who
normally
would
mention
they
don't
have
updates
there
are
eight,
are
TBC
issues
too
for
me
to
be
going
through,
I,
guess
and
Jeff.
That
would
be
awesome.
C
A
B
Added
most
of
these,
so
we
we
have
discussed
in
the
past
that
the
fact
that,
once
you
become
a
member
of
the
contributed
group,
you
have
in
theory
not
in
theory.
In
practice,
you
have
access
to
push
in
every
project
but
sort
of
like
it.
We
have
it
as
a
sub
like
ethical
behavior,
not
to
unless
you're
a
maintainer,
and
then
we
discussed
that
this
there's
a
lot
of
cases
of
people
that
are
just
putting
and
doing
the
initial
parts
of
the
modules,
but
they
don't
they're
not
interested
in
maintaining
them
thereafter.
B
So
we
discussed
about
I
am
sort
of
like
a
scheme
that
that
will
benefit
the
way
that
we
work,
because
we
are
a
small
community
still
and
that
we
could
sort
of
like
crowdsource
the
the
support,
the
maintenance
of
some
of
these
modules.
If
we
had
a
group
of
people
that
were
knowledgeable
enough
to
sort
of
like
cross
port
updates
from
various
modules,
and
recently
it
came
up
that,
maybe
we
should
have
also
had
a
subgroup
of
this
group
that
is
doing
security
updates.
B
So,
basically,
in
the
company,
the
agency
that
I
work
for
I
am
sort
of
like
a
security
release,
monitor
and
a
letter
person,
so
I
can
at
the
same
time,
check
which
of
these
modules
have
been
quoted
in
backdrop
and
at
least
at
the
very
least,
file
we're
not
supposed
to
file
issues
at
least
sort
of
like
be
a
member
of
the
security
group
in
Peter
and
then
raise
those
sort
of
like
concerns
and
yeah.
We
didn't
take
it
from
that.
B
E
If
we
make
a
backdrop
control,
slash
security,
repo
that
is
private,
similar
to
how
we
have
the
backdrop,
security,
repo,
which
is
private,
then
we
could
have
an
independent
list
of
a
subset
of
the
contribute
members
that
are
privy
to
that
repo.
And
then
we
can
at
least
record
and
report
out
when
we
see
these
modules
that
we
know
need
security
updates
right
now,
I
dumped
them
into
the
security
getter
I
am
channel,
but
it's
not
reaching
the
right
audience.
It's
not
reaching
the
the
contribute.
A
nurse
yes.
A
I
think
we
should
review
our
like
contribute
to
start
with
a
one
thing
that
I
think
we've
said
in
the
past
is
that
we
won't
reach
out
to
the
maintainer
of
the
project
that
needs
to
release.
We
need
to
figure
out
what
that
quote.
Reach
out
thing
means,
because
if
that
person
is
already
a
member
of
the
security
team,
they
will
see
that
notice
that
you
put
in
this
security
channel,
but
if
they
aren't
that's
where
we're
gonna,
miss
them
and
I
think
that
same
thing
will
happen,
even
if
we
have
a
second
security
channel.
A
That's
just
for
contra
and
I
wonder
if
there
is
enough
people
that
don't
overlap
between
those
two
groups
that
that
would
be
valuable
to
have
that
at
least
right
now,
I
feel
like
all
the
people
who
are
on
our
security
team
are
right.
Now,
our
super
active.
Can
you
maintain
errs
as
well
and
I,
think
that
might
be
the
right
place
to
do
that
I
think?
Maybe
we
just
need
another
step.
That's
like
when
we
know
there's
a
security
release
for
your
module.
We
either
contact
you
through
github
or
Vegas.
That's
the
only
way.
A
We
would
have
to
reach
out
to
these
people
right
now,
because
we
don't
necessarily
have
like
personal
emails
for
everyone
in
the
picture.
So
we
just
need
a
better
process
for
that
and
I
or
if
the
release
is
already
public,
we
could
put
a
issue
in
their
issue.
Queue
I,
don't
know
how
you
guys
feel
about
that.
It
really
depends
on
that
release.
I
guess.
But
if
the
Drupal
releases
out
is
there
any
danger
to
having
a
public
issue
public
you,
the.
E
B
B
What
happened
this
time
for
the
two
modules
that
was
a
the
we're
updated,
is
I
just
sort
of
like
sporadically
sort
of
like
reacted
to
the
focal
point.
One
and
I
just
created
a
pull
request
and
merged
it
and
created
a
release
as
well,
which
is
the
Miss
Pacific
module
I
momentarily,
took
a
look
at
herbs.
Name
was
on.
The
list
of
maintain
is
that
it
was
actually
who
ported
it
and
the
maintainer
the
maintainer
ship
status
was
seeking
maintenance,
which
is
related
to
that.
B
Hole
yeah:
he
didn't
even
make
a
pull
request,
yet
just
committed
made
a
commit
directly,
so
there
was
nothing
sort
of
like
public,
although,
as
I
said
my
my
pull
request
was
there
for
like
a
minute
or
maybe
a
few
seconds,
yeah
I
think
we
should
keep
it
that
way
because,
as
Deb
said,
it's
like
yeah
we're
a
small
community,
but
but
you
never
know
it's
better
to
be
safe
than
sorry.
Okay,.
B
B
B
So
to
that
end,
I
did
already
create
a
security
lease
announcement
for
for
the
focal
point,
but
I
have
not
published
this.
Okay
and
I
can
do
the
same
for
the
Babbitt
wall.
It's
just
that.
I
need
some
clarifications
on
our
policy.
With
regards
to
the
section
that
we
have
for
who
reported
it,
who
fixed
it
and
who
coordinated?
Do
we
leave
the
respectively
total
users,
as
sort
of
like
credits,
yeah.
A
I've
been
copying
all
of
the
Drupal
that
works
people
over
and
then
anyone
in
back
job
who
worked
on
it
also
I
add
so
like.
If
you
did
the
for
us,
we
want
to
put
your
name
in
the
fixed
thing
and
then
it
flares
it.
The
other
one
I
do
the
same
in
the
next
thing
too,
and
if
there's
someone
else
like
usually
Tim,
helped
me
figure
out
like
how
to
create
issues
and
stuff
last
time
and
added
him
to
the
coordinated
list
as
well.
A
A
B
A
We
do
you
think,
because
everybody
who
was
involved
in
the
joyful
thing
should
already
get
credit
in
our
other
areas.
We've
the
Drupal
people
in
the
coordinated
list,
but
then
add
whoever
else
in
backdrop
was
helping
too.
So
just
we
shouldn't
be
leaving
anyone
off
who
was
involved
in
the
Drupal
thing,
but
add
anyone
who
you
think
deserves
credit
for
helping.
A
B
My
other
concern
is
least:
we
seem
to
be
coordinating
security
releases
with
Drupal
security
thing
when
it
comes
to
for,
but
we
do
not
do
that
for
the
trip.
So
I
think
that
this
is
subject
to
the
criticality
of
the
security
releases,
but
we
sort
of
like
have
a
gap
there,
and
we
do
that
reactively
instead
of
proactively,
so
so
I
know
that
it
might
be
a
bit
unfair
and
that's
why
I
think
that
we
should
sort
of
like
specify
this
in
the
security
policy.
B
If
there
is,
if
the
security,
sorry
that
country
security
squad
becomes
a
thing,
for
example,
the
security
port
that
I
did
was
a
single
liner.
So
in
these
cases,
was
pretty
straightforward,
it
was
just
a
function
that
they
had
a
Drupal
something
named
and
it
made
it
to
be
changed
back
for
something
named
and
I'm.
Confident
with
such
changes,
but
there's
two
things
that
we
got.
B
A
Yeah
I
think
that's
really
fair.
I
saw
that
you
guys
were
working
on
those
and
I
was
like.
Oh,
oh,
no,
there's
a
whole
bunch
of
Drupal
security
stuff
out.
Oh
Jeff's
got
it.
Okay,
people
are
helping
him.
Okay,
it's
fine
and
so
I
didn't
get
involved
because
I
had
other
stuff
going
on.
But
if
you
had
been
like.
B
As
I
said,
it
is
subject
to
the
criticality
of
the
issues
and
we
are
a
small
community,
so
the
what
you
call
it
the
the
window.
That's
the
spectrum
of
besides
being
affected
is
rather
small
because
the
respective
contributed
modules
are
installed
in
this
site,
but
nevertheless
we
should
thank
security
seriously
and
yeah
I.
A
Love
it
and
I
would
love
it
if
we
can
taco
document
all
this
stuff
to
like
I,
don't
know
our
security
pages
enough.
What
like,
maybe
we
should
have
like
a
separate
page
for,
like
you
know,
couldn't
rip
security
where
I
live
on
the
front
page.
We
can
just
put
those
up,
you
know
whatever
overview,
but
then
the
details
of
like
how
we
actually
handle
it
when
it
comes
out
who
to
contact
how
to
get
in
touch.
A
How
to
you
know
all
of
the
details
that
I
can
share,
maintainer
might
need
I
would
love
to
make
that
much
easier
for
them
to
get
out
or
for
somebody
who
is
evaluating.
Am
I
comfortable
being
a
maintainer
project?
What
do
I
need
to
know,
or
someone
is
just
looking
at
back
trip
as
a
whole
like
how
do
they
handle
security,
just
making
sure
we're
very
public
about
the
process
so
that
everybody
there
aren't
any?
Yes.
B
I
think
to
note
as
well
is
that
most
agencies
I
think
moving
towards
automating
the
the
patching
process
and
the
agency
that
I
work
for
is
also
looking
to
move
towards
that.
But
in
the
meantime,
if
we
have
people
among
the
bat-rope
community
which
are
responsible
for
updating
the
their
sites,
these
are
good
candidates
to
help
with
us
as
well
sort
of
like
even
notifying
us.
Even
so
like
being
active
and
saying
hey
guys,
you
know
that
security
reduces
up
its
critical
high
proportion.
So
like
yeah
thanks
boy,
yeah,
yeah,.
A
And
that's
part
of
my
job
too,
is
every
week:
I
have
a
task
for
like
seven
sites
and
maintaining
like
go
and
check
off
the
modules,
so
I
tend
to
find
you.
I
was
like
well
I
have
like
seven
sites
updates,
so
I
hope
that
you
guys
have
let
your
kid
show,
but
you
did,
which
is
great
but
yeah.
So
I
definitely
think
like
the
more
people
like
me,
who's
in
their
daily
job
is
like
checking
on
that
who
we
get
involved
in
this.
The
better
I
don't
know
Jeff.
A
E
A
Great
well,
thank
you
for
being
so
on
top
of
that,
but-
and
thank
you
very
for
something,
I
was
really
appreciate
that
you
guys
said
it.
Oh
yeah
it'll
be
great
to
write
all
that
down.
If
there's
anything
we
talked
about
today,
that
you
guys
think
like
needs
a
emc
decision
like
around
bug
squad,
or
how
did
you
contrive
security.
E
A
A
D
F
F
B
Think
I
think
it
boils
down
to
the
fact
that
the
Drupal
security
team
is
sort
of
dancing
not
busily
but
they're,
the
ones
that
are
reaching
out
they're
sort
of
like
the
for
team
and
then
the
others
are
sort
of
like
outside
is
sports,
and
then
it
would
be
another
sort
of
like
overhead
to
try
and
reach
out
the
contra
bin
man
backdrop
and
they
would
have
to
do
it
through
us.
So
it's
like
they
have
to
coordinate
with
mate
against
and
then
night
would
have
to
reach
two.
B
So
there's
additional
steps
that
are
involved
and
and
I
understand
from
my
sort
of
like
a
workload
point
of
view.
I
understand
it's
perfectly
understandable
and
if
we
can
help
it
on
our
end,
then
then
we
should,
and
since
the
the
announcements
are
being
out
in
emails,
then
then
I
guess
we
can
sort
of
like
I
act,
react
on
boys
relatively
quick.
My
only
concern
is
that
if
I
am
going
to
be
the
only
person
doing
this,
if
I'm
away
on
holiday,
I
would
need
someone
to
be
at
the
back
up.
B
A
B
A
I
definitely
would
want
a
voluntary
beyond
that
security
release.
Team
I
think
most
of
my
clients
understand
that,
like
if
something
major
is
coming
out,
I'm
gonna
fix
backdrop
before
I
get
to
their
site
and
they're.
Okay
with
that,
and
so
I
think
that
I'm
having
to
put
my
name
on
that
list
and
if
things
happen
and
no
one
else
can
get
to
it,
I
can
help
with
those
two
I
think.
What's
super
helpful
for
me
is
to
have
Jeff
just
like
point
out
like
hey.
A
A
Like
okay,
it's
not
nearly
as
bad
as
I
thought
of
us
initially,
which
I
thought
was
great
just
to
have
that,
like
initial,
like
hey
guys,
this
is
what
happened.
This
is
how
it
affects
us
and
then
from
there
the
amount
of
work
left
to
do
I.
Think,
like
you
know,
you
were
able
to
do
a
lot
of
it.
Gregory
learns
it'll
help
I'm
happy
to
put
my
name
on
that
list.
I
think
we
could
have
a
collection.
People
are
like
we're
available
on
any
given
day.
A
E
For
what
it's
worth,
Gregory,
usually
I
ping,
the
maintainer
of
the
module
to
to
see
if
I
can
just
point
them
in
the
right
direction
and
get
them
to
do
it.
I
think
you
made
the
right
call
on
focal
point,
since
it
didn't
have
an
active
maintainer,
but
just
just
FYI.
It
is
a
matter
of
process.
Yeah
yeah.
A
If
you
saw
it
like
her
courted,
if
it
wasn't
actively
maintaining,
he
would
be
a
still
be
a
good
resource
for
you
like,
if
you
needed,
help
he's
probably
the
one
who's
most
familiar
with
that
project
so
and
I
found
that
too,
or
sometimes
be
like.
Oh
no,
what's
maintaining
this
module
but
like
I
need
to
work
on
it
and
if
I
can
take
the
person
importer
to
their
oh
I'm,
not
using
anymore,
but
this
is
what
I
know
you're
like
thanks.
That's
all
I
painted
and
that's
and
lenses
yeah.
B
There
were
a
few
factors
in
this
case
which
were
sort
of
like
work,
to
my
benefit,
the
fact
that
it
was
a
single
liner,
the
fact
that
there
were
no
er,
no
other
commits
in
the
respective
Drupal
module
beyond
that
for
years,
so
it
was
sort
of
like
a
symbol,
okay,
so
to
say.
Nevertheless.
This
is
why,
if
you
saw
my
comments
in
Kittery
was
sort
of
like
I
saw
like
hastily
or
an
Aquila,
he
reacted
and
then
I
was
sorry.
B
E
B
Discussed
the
security
sort
of
like
bit
of
it,
but
the
the
the
proposal
that
precedes
that
is
the
general
contribs
quad,
which,
from
what
we
generally
discussed,
is
that
it
is
if
there
are
patches,
sorry
pull
requests
that
are
pending
for
quite
some
time
and
there's
people
that
have
received
them.
But
the
maintainer
is
not
responsive.
Then,
if
those
are
pretty
straightforward,
then
people
from
those
when
that
group
would
step
in
and
just
you
know
at
least
make
a
pre-release
or
something
like
that.
Instead
of
unofficial
release,
I
don't
know
where
we
stand
on
that.
A
Danger,
though,
to
having
like
a
crowdsource
future
project,
it's
a
real,
easy
way
to
like
lose
focus
and
make
sort
of
a
mess
of
everything,
so
I
think
having
like
our
general
philosophy
of
like
you,
maintain
the
module.
Maybe
it's
one
person,
maybe
it's
two
people,
whatever
they're,
officially
the
maintainer,
and
only
in
the
cases
where
you
have
like
a
bug,
that's
been
on
thinking
that
needs
whatever
do
you
have?
A
Someone
else
has
the
ability
to
apply
it,
and
we
might
even
go
as
far
as
to
say
that,
like
the
bugs
flood
can't
make
a
release
and
so
that,
if
you're,
like
a
kinship
user
and
you're
like
I,
don't
know
how
to
apply
a
patch
or
for
Quest
or
whatever
you
can
just
download
like
latest
head
or
whatever,
like
download
the
tarball
from
the
project,
and
then
that
way,
it
leaves
it
ups
that
maintainer
did
to
decide
like
okay
I've
looked
at
these
bugs
they're,
totally
or
I
need
to
make
some
changes.
A
A
There's
a
difference,
I
think
there's
like
the
bug
squad
doesn't
do
security.
That
could
be
a
much
larger
group
of
people
who
are
just
capable
of
like
here's.
Our
two
PC
issues
and
people
are
complaining
about
not
having
a
fix
or
whatever.
Then
there's
a
security
team,
and
those
are
people
who
are
authorized
to
make
security
releases
and
usually
something
that's
time
critical.
We
need
to
get
something
out:
everybody's
computer.
That
says
you
have
to
update
your
module
whatever
it
is,
and
then
everything
else
belongs
to
the
maintainer
yeah.
B
F
B
G
B
So
what
happens
is
I
think
that
we
should
do
the
same
thing
as
we
do
when
it's
there's
a
maintainer
sort
of
like
chains
request
where
we
wait
for
a
couple
of
weeks,
and
then
we
switch
maintainer.
It
says
that
I
don't
want
to
put
the
burden
on
to
the
people
that
have
volunteered
to
be
in
the
contribute.
Well,
because
they
want
to
do.
They
might
want
to
do
individual
fixes,
but
not
necessarily
become
the
maintainer
of
those
modules
that
makes
sense
well.
G
B
G
D
Miss
Gregg
is
there
special
reason,
the
modules
while
you're
talking
about
the
back
squared,
because
it's
there's
always
the
possibility
to
ask
the
maintainer
to
commit
something
to
file
pull
requests.
Yes,
it's
maybe
difficult
in
contrib
more
difficult
to
find
a
pull
requests
and
to
without
a
test
site
and
so
on.
But,
however,.
B
B
So
if
we
see
issues
that
are
affecting
really
badly
like
breakages
in
a
module
and
they
had
not
been
reacted
for
like
two
or
three
weeks,
then
I
think
it's
only
fair,
since
we
have
access
to
just
fix
it
for
the
majority
of
the
people
using
it,
and
this
becomes
a
more
important
issue,
the
more
popular
the
the
module
is
and
I
guess.
In
these
cases
you
will
have
a
bunch
of
people
storming
into
the
invitation
saying
I.
Why
is
this
not
committed?
B
It's
becoming
a
burden
for
our
system
that
we
update
or
something
like
that
we
build
aside.
So
if
you
have
like
five
people
saying
why
it
has
done
this
being
committed
and
it's
being
tested
and
okay
and
the
maintainer
hasn't
responded
for
a
month,
then
I
think
it's
epically,
okay,
sort
of
like
step
in
it's
something
that
we
would
need
to
consider
once
our
community
grows
bigger.
B
But
then
we
would
need
to
I
guess
to
change
the
whole
permissions
thing,
because
it
will
become
an
issue
later
on
and
we
have
discussed
this
in
the
past.
It
will
become
an
issue
if
we
allow
people
arbitrary
to
join
and
then
have
the
capacity
to
go
and
change
something
in
500
modules.
It
is
dangerous.
Nothing
is
stopping
anyone
at
this
point
from
doing
that
is
just
that
we
are
a
small
community.
It's
like
75
77
of
us
there
and
only
around
30
are
active.
So
it's
sort
of
like
relatively
safe,
I
guess.
B
Ok
next
subject
is
the
security
announcement
procedures,
which
is
what
we
discussed
already
all
I
needed
to
know.
It's
like
there's
at
least
me
also
has
access,
then
also
has
access
in
video
table.
So
we
can
be
drafting
security,
announcement
announcements
and
then
have
someone
review
it
if
possible
and
just
release
it.
I
have
already
created
one.
It
just
needs
a
little
bit
polishing
or
the
focal
point
with
regards
to
dimension
the
credits
to
the
people,
I'll
publish
that
and
then
I'll
also
create
a
one
for
the
rabbit-hole
module
and
publish
that
one.
B
This
there's
another
sort
of
like
step
to
things
not
necessarily
contributed.
Module
in
Phineas
necessarily
have
the
admin
access
to
the
node,
the
released
nodes
in
V
dot
org,
which
does
not
allow
them
to
set
the
release
as
a
security
release.
They
have
to
request
it
from
one
of
us
which
I
don't
mind.
I
can
do
that,
but
I
I
would
like
to
know
how
this
problem
is
being
solved
in
drupal.org
and
I
found
a
couple
of
modules
that
sort
of
like
we
can
use
them
to
they
use
user
reference.
B
So
we
can
assign
specific
maintainer
x',
like
these
video
clip
org
users
to
specific
projects,
and
then
this
not
reference
access
module
which
could
allow
the
users
that
are
being
referenced
from
the
project
node
to
also
have
access
to
the
project
releases.
For
that
does
that
make
sense
so
that
they
can
good.
They
don't
have
the
ability
themselves
to
go
and
mark
something
as
a
securities.
B
And
the
next
point
is
related
to
that.
So
we
have
a
tick
box.
That
said
that
something
is
a
securities,
but
we
don't
have
respected
SEC
boxes
or
a
drop-down
where
people
can
set
the
maintenance
status
of
a
specific
project
in
B.
No
Todd
I
think
that
simply
adding
a
field
and
copying
whatever
the
dot
org
has
like
the
specific
statuses.
B
I'm
not
sure
if
this
should
be
communicated
to
people
from
within
the
project
browser.
So
when
they
look
up
modules,
should
there
be
a
sort
of
like
status
indicator
for
the
module
that
they're
installing
as
it
as
in
this
is
seeking
maintains,
or
would
we
like
to
avoid
that?
What
do
you
guys
think
are.
E
F
E
B
If
not
directly,
in
the
listing
in
the
project
browser,
you
see
how
you
can
click
the
project
name
and
then
a
pop-up
comes
up,
which
is
a
guest
being
pulled
from
video
talk.
So
if
we
mark
this
the
release,
the
entire
project
has
not
maintained
or
something
like
that.
It
would
give
a
heads
up
to
people
to
know
what
they're
getting
into
I.
C
C
B
I
thought
that
this
could
be
either
a
respective
d7.
In
case
we
have
a
few
modules
that
are
completely
new.
They
don't
have
respective
modules
in
the
help
that
they
have
been
quoted
from,
but
for
the
majority
of
them.
If
someone
needs
to
pick
up
on
the
module
after
the
initial
port,
they
need
to
know
at
least
which
version
it
was
put
in
form
or
at
the
last
commit
that
it
was
branched
off,
because
some
of
the
molecules
have
been
imported
like
two
years
ago.
B
In
the
meantime,
their
respective
country
module
had
a
few
has
had
a
few
commits.
So
this
is
sort
of
like
with
each
release.
We
would
be
updating
uploaded
from
and
maybe
a
lasts,
I
don't
know
what
we
would
call
that
entry
last
sync
point
or
something
like
that,
so
that
we
know
we
know
up
to
what
version
or
commit
in
time
we
are
in
par
with
the
respective
v7
module.
I
know,
I
know
that
some
of
the
because
we
have
more
freedom.
B
Some
of
these
modules
sort
of
like
make
their
own
way
when
they
get
into
a
backdrop
land
and
they
might
deviate
from
from
whatever
is
being
done
on
the
respective
v7
module.
But
it
would
be
a
good
sort
of
like
indicator
for
for
people
that
want
to
pick
up
the
maintenance
of
the
modules
to
know
that
anymore.
What
up
to
this
point
I
know
that
all
the
previous
commits
have
been
merged
in
the
module.
B
We
don't
have
such
an
option
in
in
our
end
and
I
know
if
this
was
omitted
or
if
it
was
added
at
some
point
in
views,
and
we
just
missed
it,
but
it's
sort
of
like
a
regression,
but
for
people
coming
from
these
seven
sites,
and
now
that
we
are
talking
about
migrations,
they
might
have
a
view
that
actually
randomizes
things
and
when
they
put
their
sites
to
migrate,
decides
to
back
up.
They
would
just
lose
that,
so
that's
that's!
D
It's
hard
to
formalize
in
my
opinion,
so
maybe
it's
better.
The
maintainers
talk
with
each
other,
because
maybe
you
checked
Trooper
the
Drupal
module
one
year
ago,
but
you
made
then
own
commits
which
are
comparable
to
Drupal
and
so
on.
So
it's
out
to
say,
if
it's
one
year
ago,
what
that
means
and
I
think
also.
Some
people
began
to
write
some
information
in
the
readme
files
about
that.
D
B
This
suggestion
of
using
the
respective
Drupal
versions
came
up
before
foreign
and
its
really
accepted.
If
you
want
to
go
with
that,
it's
just
that,
as
you
pointed
out
at
some
point,
the
backdrop
modules
deviate
as
in
they
implement
their
own
changes
so
so
of
like
the
the
version
numbers
get
out
of
sync,
and
they
don't
start,
they
start
not
making
sense
anymore.
B
It's
worth
pointing
out
the
reason
why
I
said
that
suggested
that
this
is
an
entry
in
docking
Co
is
that
if
it
is
first
of
all
dot
dot
info
entries,
that
bactrim
does
not
know
what
to
do
with,
and
it's
the
same
with
Drupal
as
well.
They
just
ignore
it
like
it
won't
harm.
It's
a
way
to
communicate
things
to
developers,
I
guess
the
people
that
will
maintain
the
module,
I
think.
E
D
E
C
Yeah,
that
was
my
thought
as
well
at
the
Don
info
file
putting
stuff
in
it.
We
should
only
put
stuff
in
it
if
we
need
to
pull
it
back
out
again
and
display
it
someplace
else
like
if
it's
useful
or
project
browser
or
in
the
backdrop
UI
or
something
like
that,
the
Don
info
file
usually
provides
some
functionality.
You
know
it's
something
that
is
read
by
the
system.
Then
it's
information
is
then
displayed
someplace
else,
and
then
it
would
have
some
kind
of
you
know.
Data
format
to
it
as
well.
C
C
Absolutely
we
couldn't
least
update
the
templates
that
are
in
the
contribute.
You
know
that
have
the
sample,
readme
and
stuff,
like
that
update
the
readme
to
include
a
better
template
to
encourage
people
to
include
that
information
buzzing.
The
portage
from
thing
like
our
section
break,
says
what
it's
all,
because
we
have
that
template
already
and
that's
why
we
have
so
many
projects
that
say
where
they
reported
from
this,
because
it
was
in.
C
D
Yeah
and
then
another
idea
that
the
dot
info
file
could
become
interesting
when
we
have
tests
for
for
for
upgrade
from
Drupal
to
backdrop.
So
when
it
wouldn't,
we
have
a
way
to
make
sure
to
know
that
a
certain
project
works
in
backdrop
when
it's
when
you
come
from
Drupal,
so
that's
a
clear
information
it
that
could
be
in
the
dot
info
file
and
it
could
be
useful
there
because
it's
yeah,
it's
a
formal
information.
There
upgrade
works
from
that
Drupal
module
to
backdrop,
and
so
as
an
example.
F
C
G
G
G
I
brought
up
the
solution.
We're
using
the
Hobart
is
one
that
most
of
them
hadn't
worked
with,
but
they
were
aware
of
so
they
had
some
other
thoughts,
but
they
said
we
could
either.
You
know
they
were
like:
hey
yeah,
we'd
love
to
help.
You
try
and
fix
this,
but
we
didn't
have
time
on
Tuesday,
so
it
went
it
might
be.
We
fix
it
with
the
current
solution
or
it
might
be.
We
actually
spin
up
a
new
one
but
yeah
what
port
all
the
data
yeah.
B
Just
I
have
already
added
the
feed
with
our
releases
in
my
feed
bin
here,
so
I
will
know
if
new
releases
come
out
and
we
can
update
every
now
and
then
if,
in
the
meantime,
we
come
up
with
a
very
solution
yeah
by
all
means,
but
but
my
point
there
was
to
sort
of
upgrade
the
current
version
to
see
things
like
good
idea.
Yeah.
C
C
I
believe,
and
the
way
it's
run
is
that
we
have
a
start
script
command,
that
just
calls
the
necessary
node
script
and
then
it's
birth
of
a
process,
but
when
dragon-bot
goes
away
for
long
periods
of
time
it
it's
because
we
don't
have
any
recovery
in
place
that
when
it
crashes
like
when
that
process
ends
or
even
the
server
restarts,
it
doesn't
turn
on
again
and
so
a
lot
of
times
when
dragon
bots
broken
somebody
logs
into
the
server
it
starts
them
again.
You.