DrupalEasy Podcast 173 - Secret Bunker (Peter Wolanin, Cathy Theys - Drupal Security Team)
Cathy Theys (yesct) and Peter Wolanin (pwolanin) from the Drupal Security Team join Anna Kalata and Mike Anello to discuss the origins, evolution, and efforts of the team. Peter and Cathy discuss how to report potential security issues, how issues are handled within the team, and how they prioritize potential contributed module security issues. In addition, we discuss Drupal from the outside-in, Cathy's travel schedule, secret bunkers, the need for us to keep Peter busy in the Drupal community (seriously), Mike's slow loss of control, customers who contribute, and how Drupal might be related to the Panama Papers. As if that wasn't enough, we give Cathy control of the five questions - let the fun begin!
Interview
- Drupal Security Team home.
- How to report a security issue.
- Drupal 8 Security Bug Bounty Program.
- Links related to ad-hoc pre-security team activity: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1921, http://www.securiteam.com/exploits/5BP0O20GBS.html, https://www.exploit-db.com/exploits/1078/, https://www.drupal.org/node/1341738.
- Best practice to block xml rpc in htaccess?
- Current Security Team members.
- Join the Security Team.
DrupalEasy News
- DrupalEasy and SixMileTech team up for Introduction to Drupal 8 Module Development at DrupalCon New Orleans.
Four Stories
- Top 10 contributing customers Drupal Association blog post by Joshua Mitchell. Information for organizations who want their people to start recording attribution.
- Examples of how to make Drupal outside-in - blog post by Dries Buytaert.
- Drupal 8.1 RC1 is available.
- DrupalCon New Orleans schedule is available.
Picks of the Week
- Cathy - Yes, Drupal 8 is slower than Drupal 7 - here's why blog post by Jeff Geerling.
- Mike - Group module for Drupal 8. See Mike's screencast demonstrating its use.
- Peter - From Encrypted Drives To Amazon's Cloud -- The Amazing Flight Of The Panama Papers.
- Anna - Counterpoint to Forbes pointing at Drupal: WordPress slider implicated Mossack Fonseca Breach – WordPress Revolution Slider Plugin Possible Cause.
- Anna - State of Drupal 2016 Survey.
Upcoming Events
- DrupalDelphia - April 8, 2016.
- Drupal Camp Spain - Granada - Apr 22-24, 2016 - Cathy will be there.
- DrupalCon New Orleans - May 9-13, 2016 - Cathy is core conversation track chair, Peter's session.
- DrupalNorth Montreal - June 16-19, 2016 - Cathy will be keynoting.
Cathy's Five Questions (answers only)
- Python library for reading shape files (pyshp).
- Retirement.
- Go back to DIY microbiology/genetic engineering.
- Chx asking him to do “something easy” for Drupal 6.
- Brian Osborne, working on CAS module (bkosborne).
Intro Music
- R.T.B.C. - from the DrupalCon Los Angeles pre-note performed by Larry Garfield.
Subscribe
Subscribe to our podcast on iTunes or Miro. Listen to our podcast on Stitcher.
If you'd like to leave us a voicemail, call 321-396-2340. Please keep in mind that we might play your voicemail during one of our future podcasts. Feel free to call in with suggestions, rants, questions, or corrections. If you'd rather just send us an email, please use our contact page.