First of all, thanks so much for this feature. It would save me so much time :)
Maybe I'm just being paranoid, but to ensure the email has been despatched, I think it will be very useful if the email is cc'ed to security@drupal.org, or to a security team member who granted a user's access to an issue (or perhaps both). I'm aware this does not ensure delivery of the email, but I prefer not to assume it has been sent out.
I'll be happy to write a patch, but there are a couple of things to consider before writing one:
- Would this only add noise to the security team list? If yes, it should only be sent to the member who granted a user's access.
- If it is considered reasonable to cc the security team, should we hard-code the sec team email address, assuming it would not change?
Comments
Comment #1
greggles
Yes, makes sense but has the con of adding noise. I suggested http://drupal.org/project/maillog but forest and scor pointed out that having real headers is valuable.
So, we created security-tracker and can include that via http://drupal.org/project/bcc
Comment #2
dokumori commented
BCC module's project page says it sends out a copy of ALL email that Drupal sends out. Wouldn't that be too much?
All I want is a copy of the initial notification that's sent to a maintainer, when her/his access is granted. Can that be done by BCC module?
Comment #3
mlhess commented
I am not sure this is needed anymore; if anyone disagrees, please reopen.