See #1954840: Packaging is incorrect in saying there's insecure module in distribution for an explanation of where we can fix this in Drupal.org.

Comments

jpontani’s picture

A bit of research and I find that project_release_is_security_update is the likely culprit, being called from project_release_compute_update_status.

Somehow single project releases are being seen as having the taxonomy term for "security release" without actually having been tagged as such, so ANY/ALL packages that contain a project that is inadvertently seen as "security release" are set to be non-secure releases.

This is just an educated guess, I don't know if this is actually the cause.

ezra-g’s picture

Assigned: Unassigned » jpontani
lsolesen’s picture

Version: » 7.x-3.2
Issue summary: View changes
Status: Postponed » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.