Add security team notice on extension upload page
Describe the task
Some extension authors publish extensions containing security fixes to TER, that have not been reviewed by the TYPO3 Security Team.
Extension uploads with security fixes must be coordinated with the TYPO3 security team, so patches can be reviewed/verified and the community can be informed about vulnerabilities in extensions.
What does success look like, and how can we measure that?
A notice right below the current info alert box on the extension upload page would be best to make extension authors aware of not uploading un-reviewed extensions.
<div class="alert alert-warning"> Do not upload extensions with security fixes that have not been coordinated with the TYPO3 security team. Instead please <a href="https://typo3.org/community/teams/security/contact-us" target="_blank">contact</a> the TYPO3 security team at <a href="mailto:email@example.com">firstname.lastname@example.org</a> </div>
Also a link to the Extension Security Policy (https://typo3.org/community/teams/security/extension-security-policy) should be placed "somewhere" on TER (e.g. on this https://extensions.typo3.org/faq/publish-an-extension/ page)
- Must be fullfilled