Drupal will work with maintainers of modules that are code complete, with maintainers now given a deadline to fix the problem. If the deadline's missed, the module and the project will be unpublished from Drupal.org. Vulnerabilities in unfinished code will simply be flagged in the module's issue queue.
The clarifications are a response to the discovery of a potentially serious XSS hole in the Drupal Context module three weeks after White House developers proudly released their own plug-in based on the buggy module.
The link for this article located at The Register UK is no longer available.