
Drupal 8 – PSA-2016-002 – Pre-Announcement of Security Update - Roritharr
https://www.drupal.org/PSA-2016-002
======
Roritharr
Is this a common practice in the wider security community?

Since Drupageddon i kind of see the necessity of such an Pre-Announcement, but
this seems like a horribly broken process if the only way to ensure an
critical security update to a submodule gets installed is to tell everyone to
get their mousecursor over the update button so you can be quick enough...

