November 15th, 2011
The Drupal Security Team was originally created in 2005. Though we handled security issues before that, we didn't have a team with proper infrastructure until then. At that time, Károly Négyesi (chx) was the team leader. In July 2006 chx changed his role in the team and I promoted Heine Deelstra to be the security team lead. Heine recently stepped down as the security team lead, and I'm pleased to announce that Greg Knaddison (or greggles on drupal.org) will be filling this role.
Greg has been a consistent member of the security team and both Heine Deelstra, the security team members, and myself unanimously agreed that Greg is the logical person to head the Drupal Security Team.
For those who don't know Greg, Greg helped write our free handbooks on security and wrote a book about Drupal Security. He has also talked about security and Drupal at many DrupalCons. Greg believes in my idea to automate where possible and empower project maintainers. In the coming weeks he will write blog posts to detail some changes made in the last year toward that vision and some tasks that still remain.
As the Drupal Security Team lead, Greg will be the point person for the team. He'll be responsible for coordinating the security team's activities and for making decisions when consensus doesn't arise.
Greg and I agreed on a target of 2 years for him to be in this role. If appropriate, he may continue in this role longer or be replaced before then, but this target helps to set an expectation about the time period. Setting this expectation should help Greg maintain enthusiasm for this role and increase the likelihood that our community will have continuity when that time is up. Greg works at Acquia and will be given 20% of his time to dedicate to the security team (in addition to using his own spare time).
Please join me in thanking Heine for all the great work he did, and in welcoming Greg.