[wp-forums] Security Alerts

[Podz]

Lorelle VanFossen wrote:
> WordPress Forum first post: http://wordpress.org/support/topic/41464
I flagged that to MCincubus last night and he posed and squashed the issue.

The problem is not the security - that will always happen - the problem 
is perception. But asking someone handy in #wordpress to get in there 
and comment is the most efficient way to stop any threads going out of 
control.

> The info is still new though the issue is "old" and more information 
> will be coming out during the day.
True, but it applies to much much more than WP.


> SECOND ISSUE
1. Get the issue looked at and get someone we know has the knowledge to 
comment on it at the forum post.
2. File a bug.
3. Send note to hackers list.

There is a security@ address but for the 1.5.1.2 issue which was 
serious, Matt and Ryan were away. I was emailed the problem and I sent 
it to Michel who passed it to the correct people.

I think a sense of proportion is needed. There are two aspects:
- management publicly
- code changes
we need to concern ourselves only with the first, and doing as I 
suggested at the top is effective and timely.

We never post first, and the people to decide what's real, false or a 
potential issue are in #wordpress.

P.