Next contrib Extension - Security Plan Application

Hi all,

With @surli and @ClemensRobbenhaar, we’d like to create a new contrib extension, allowing to keep track of security issues and to send mail of their current status.

The name of the extension should be security-plan-application.
The name of the JIRA project should be SPAPP.

We’ll need:


Hi Manuel,

Seems cool, but could you explain what problem this solves? I’m asking since security issues are already in jira and being tracked :wink: (And you get emails when their statuses change, especially if you watch them). Since you know all this, it means this must be something different but I’m not guessing it, hence my question about the purpose.


Hi Vincent,

the purpose of the application is to be able to automatize parts of the process we voted for in our Security Policy: the idea is to automatically send the email with the information whenever a new advisory is created, and most importantly to automatically compute the disclosure date when a release is performed, and to trigger a reminder when a disclosure date is reached.
Right now we are only relying on a manual check “when we have time” for the disclosure date which is not good.