I would like to assume (co-)maintainership of this module, in order to fix the recently announced security issue that led to this module being marked as abandoned. I posted my proposed solution at https://security.drupal.org/node/71639#comment-71358.

Comments

pfrenssen’s picture

Status: Active » Reviewed & tested by the community

I support the application. Looking at ergonlogic's profile it seems like the module will be in very capable hands.

recrit’s picture

@ergonlogic - that link does not go anywhere. Can you post the patch or proposed solution?

ergonlogic’s picture

The link points to the issue where this was originally discussed. The module's current maintainers should have access.

Anyway, the plan is for Dave Reid to publish https://drupal.org/sandbox/davereid/1332490 as a full module, and provide a stable release. We have a patch for content_lock that has that project as a dependency. Once it's published, we can apply the patches to content_lock and make a new release.

I haven't been granted maintainer rights on this project yet, and I'd like to give the current maintainer a chance to respond. I've contacted him directly via his d.o contact form. If there's no response, I'll ask to have the project ownership transferred to me.

grendzy’s picture

ergonlogic: The security team has received messages from several other community members interested in helping out. I have directed them here, so you know. I think it would be OK to post a patch for review since the issue is public now. Are you interested in additional co-maintainers?

Folks can also help out by providing reviews of https://drupal.org/sandbox/davereid/1332490. Thanks!

dave reid’s picture

@ergonlogic When did you say you contacted me via the Drupal.org contact form? I don't have any incoming e-mail from you in the last week, even in my Gmail spam folder.

ergonlogic’s picture

@Dave Reid, I didn't contact you directly, only through the security.drupal.org issue and #2207009: Add ergonlogic as co-maintainer. Sorry for the mixup. By 'this project' I was referring to content_lock, and the maintainer I contacted was ohnobinki.

@grendzy, for the foreseeable future, I'll only have the time to minimally maintain this module. That is, to keep it secure and fix any egregious bugs. Even at that, I hadn't planned to keep up the 6.x branch. So there's plenty of room for others who may have more time, or the inclination to further develop it. That said, I encourage any potential co-maintainers to submit issues similar to this one, to express their interest publicly :)

I've attached the patch by ohnobinki from the security issue. Dave Reid also suggested just implementing native token support in content_lock, rather than depending on protection_menu_token.module.
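The "native token support" idea mentioned above, shown as an added illustration that is not code from content_lock, from the attached patch, or from anyone in this thread. It uses a hypothetical Drupal 7 module named example_lock with a hypothetical path example_lock/release/%node; the point is the pattern behind SA-CONTRIB-2014-024: a state-changing GET callback must not be reachable by a plain link, so the access callback validates a per-session, per-path token (drupal_get_token / drupal_valid_token, both core Drupal 7 functions) before the page callback runs.

```php
<?php
// Added example for a hypothetical Drupal 7 module "example_lock" (not content_lock).
// Demonstrates protecting a state-changing GET menu callback against CSRF with a
// core request token instead of a dependency on protection_menu_token.module.

/**
 * Implements hook_menu().
 */
function example_lock_menu() {
  $items = array();

  // Vulnerable shape (for comparison): the same item with only
  //   'access callback' => 'node_access', 'access arguments' => array('update', 2),
  // lets any page that can make the user's browser request this URL release the lock.

  // Hardened: the access callback checks a token bound to this exact path.
  $items['example_lock/release/%node'] = array(
    'title' => 'Release lock',
    'page callback' => 'example_lock_release_page',
    'page arguments' => array(2),
    'access callback' => 'example_lock_release_access',
    'access arguments' => array(2),
    'type' => MENU_CALLBACK,
  );
  return $items;
}

/**
 * Access callback: requires both node edit permission and a valid CSRF token.
 *
 * drupal_valid_token() ties the token to the current session and to $value, so a
 * token issued for one node's release path cannot be replayed against another.
 */
function example_lock_release_access($node) {
  $token = isset($_GET['token']) ? $_GET['token'] : '';
  return node_access('update', $node)
    && drupal_valid_token($token, 'example_lock/release/' . $node->nid);
}

/**
 * Page callback: performs the state change, then redirects back to the node.
 */
function example_lock_release_page($node) {
  example_lock_release($node->nid);
  drupal_set_message(t('Lock on %title released.', array('%title' => $node->title)));
  drupal_goto('node/' . $node->nid);
}

/**
 * Builds the release link with the token embedded, so only links rendered for the
 * current user's own session will pass the access callback.
 */
function example_lock_release_link($node) {
  $path = 'example_lock/release/' . $node->nid;
  return l(t('Release lock'), $path, array(
    'query' => array('token' => drupal_get_token($path)),
  ));
}

/**
 * Hypothetical lock-release logic; a real module would delete its own lock record.
 */
function example_lock_release($nid) {
  db_delete('example_lock')->condition('nid', $nid)->execute();
}
```

The access callback, rather than the page callback, is where the token check belongs: Drupal's menu router runs it before the page is built, so a forged request is denied with 403 instead of reaching the code that mutates the lock table. The token is generated from the full path, which is what prevents a token obtained for one node from being reused on another.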

ergonlogic’s picture

Title: Add ergonlogic as co-maintainer » Transfer ownership of 'Content Locking' to ergonlogic
Project: Content locking (anti-concurrent editing) » Drupal.org site moderators
Component: Miscellaneous » Project ownership
Status: Reviewed & tested by the community » Active

Please transfer ownership of https://drupal.org/project/content_lock to ergonlogic, so as to fix a security issue currently making it 'unsupported'. See SA-CONTRIB-2014-024 - Content Lock - CSRF for details.

As noted earlier in the issue, I have attempted to contact the module's maintainer without receiving any response. Also, there is a workable solution to the security issue that can allow this project to be re-published.

markpavlitski’s picture

We use this module on a number of sites and are keen to see it restored.

ergonlogic seems like a good candidate to take over the module.

It would be good to see a solution to this that doesn't rely on a sandbox project though.

pfrenssen’s picture

Status: Active » Reviewed & tested by the community

I also support the application of ergonlogic to become the new maintainer of the Content Locking module.

designerbrent’s picture

I would love to see ergonlogic get ownership of this project so it can be patched and restored.

dddave’s picture

Status: Reviewed & tested by the community » Needs work

Sorry to be a party pooper here. Before anything can be transferred the proposed solution for the SA needs to be approved by the security team. As far as I can see this has not happened yet, or has it? Wouldn't you need a release of Dave Reid's module, too? Am I missing something here?

mirie’s picture

@ergonlogic, I'm interested in helping out with the maintenance of this module. What can I do to move this process along now?

recrit’s picture

@all: A patch not dependent on protection_menu_token has been created at #2238703: Fix SA-CONTRIB-2014-024. Please review to resolve this security issue.
I posted in the module's issue queue since the SA is public now and so others using the module can find it easier.

Project: Drupal.org site moderators » Drupal.org project ownership
Component: Project ownership » Ownership transfer

fuzzy76’s picture

Status: Needs work » Active

The proposed solution has been here for months now, let's get this moving :)

jenlampton’s picture

Status: Active » Reviewed & tested by the community

I've reviewed the solution over in #2238703: Fix SA-CONTRIB-2014-024 and it looks like a good one. Do we need to get the security team to sign off on that solution before this project can be transferred? What's the process for moving this forward? (updating status to see if that does the trick).

dddave’s picture

As far as I know this needs to be approved by somebody on the sec team. Especially since this approach is different from the one proposed at the beginning of this discussion.

pfrenssen’s picture

Component: Ownership transfer » Abandoned/unsupported projects

mrconnerton’s picture

@pfrenssen why was this set to "Abandoned/unsupported projects"? As far as I can tell ergonlogic still wants to be maintainer and many of us would like the sec team to approve the fix.

What's actually the next step in this process?

pfrenssen’s picture

@mrconnerton, see the process described at Dealing with unsupported (abandoned) projects.

The next step is just to approve the maintainership. All requirements are met. There is some unknown factor holding up this transfer at the d.o side. Maybe the drama that surrounded the departure of the original maintainer left a sour taste with the people involved and they would rather ignore it than open that can of worms again.

Keep in mind that it's been many months since @ergonlogic applied to be the new maintainer and he might have changed his mind in the meanwhile.

dddave’s picture

I can transfer the module in no time but I was under the impression that this needed security sign-off (#17). Is this not the case? If so, why not? Nobody cared to explain that.
No relation to any drama.

mrconnerton’s picture

I assume that the security team needs to sign off the commit that fixes the security issue, but don't see why they would prevent a maintainership change. I do agree @ergonlogic needs to let us know if he wants to maintain the module or not at this point.

pfrenssen’s picture

Oh I didn't realize that, how can we bring this to the attention of the security team?

silverwing’s picture

Easiest way would be to ping a security team member on IRC https://security.drupal.org/team-members - dww and greggles are often available (I think.)

dddave’s picture

Special note on projects marked unsupported for security reasons

If you wish to take over a project that is marked as unsupported for security reasons, post a patch to the project's issue queue which addresses the vulnerability and reference that patch in your request to take over the project. Then send a message to security@drupal.org asking for a security team member to confirm in your request issue that your patch resolves the security issue. Refer to the security announcement which led to the project becoming unsupported for information about the vulnerability. Contact the security team if you are unsure about the nature or scope of the security issue or need additional information.

About the ownership transfer of projects iced for security reasons.

ergonlogic’s picture

Several others have stepped up in the time since I offered to take over maintainership, and one of them is probably a better choice. Several appear to have plans to continue development, whereas I'd only ever intended to minimally maintain it (i.e. keep it secure). That said, if no one else is available, I'll make an effort to carve out some time for it.

larowlan’s picture

Are you still blocked on security team sign-off?
Happy to take a look.

larowlan’s picture

Reviewed the patch at #2238703-20: Fix SA-CONTRIB-2014-024; only minor comment cleanup needed that I can see.

kattekrab’s picture

@ergonlogic - perhaps you could take this on, and add some of those others as co-maintainers?

It would be great if you could take this on - this is a really useful module. You'd have a lot of happy fans :)

Thanks for the patch too!

dddave’s picture

Status: Reviewed & tested by the community » Fixed

I've transferred the module to ergonlogic but left the warning on the project page. ergonlogic can edit that (the whole project page needs an overhaul) after commit. If there is anything left to do from my side, please let me know.

rockie667’s picture

Hello,

can somebody please tell me how to get the complete module, since the project page still doesn't show the links to the downloads.

I really would be glad to get a functioning version of this useful module!

Or maybe somebody can supply us with the current state of the module!

Thanks a lot!!!!

dddave’s picture

There is currently no working module because the patch hasn't been committed yet.

ergonlogic’s picture

I'd missed that the transfer happened. Thanks for the heads-up, @kattekrab. I'll look into it today.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.