Separate Security Announcements by Type
To make the impact of different security advisories and announcements easier to see, they are now separated by type.
We encourage those using RSS readers to track security-related developments to subscribe to all three of these feeds.
All posts to each of these three forums will still be sent to the one security announcements e-mail list. To subscribe to that e-mail list, once logged in, go to your user profile page and subscribe to the security newsletter on the Edit » My newsletters tab.
All future public service announcements will only be posted to the Public service announcements page and feed.
Background on the Changes
At Drupalcon in Washington, D.C. earlier this month, members of the Security team held a “Birds of a Feather” session to discusses various topics including improvements to our process of communicating with the public.
One outcome of this meeting was that we decided to more clearly differentiate among security advisories for Drupal core (which affect all users) as opposed to security advisories for contributed projects (which are often used by only tens of sites). In addition, the security team has on occasion issued announcements (such as this one), which were previously mixed in with actual security advisories.
Since the Drupal 6.x upgrade of http://drupal.org, newsletter postings have been managed using forums. The security team has thus split security-related postings among three forums under http://drupal.org/forum/1188.
All past and new advisories and announcements and their feeds can be viewed (via tabs) on http://drupal.org/security.
The security team for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.