[wp-hackers] Security at Wordpress

Elliotte Harold elharo at metalab.unc.edu
Mon Apr 24 12:48:56 GMT 2006


Owen Winkler wrote:

> Strange that all of the POST proponents hadn't written a patch for this 
> already - it might have been less overall work than the bluster they've 
> created, and it might already have been committed by now.

Let me repeat myself: experience has taught me that writing patches for 
design flaws is a complete waste of time until the maintainers recognize 
the flaw. While simple fixes for obvious bugs are usually accepted, and 
feature additions are sometimes accepted, architectural changes are 
almost never accepted. This isn't WordPress specific by any means. This 
is a general rule in most open source projects.

At such time as the maintainers decide they want to use POST where 
appropriate, then it makes sense to invest time in creating a patch. 
Until then, the question is not whether to submit a patch. It's whether 
to live with the flaw or fork the project. I personally haven't decided 
yet. Forking is a big step, but not out of the question. I've got a 
growing list of problems with WordPress that can likely only be 
addressed in a separate development branch. I'd certainly prefer not to 
go to all the expense and trouble of maintaining a fork. It's not like I 
don't have enough unpaid work already; but if the list keeps growing 
then forking may become inevitable.

I've already made a few changes in the code for my personal sites. The 
more changes I make and the further my own codebase diverges from the 
official codebase, the more sense it makes to publish the whole thing, 
and make it official.

-- 
Elliotte Rusty Harold  elharo at metalab.unc.edu
XML in a Nutshell 3rd Edition Just Published!
http://www.cafeconleche.org/books/xian3/
http://www.amazon.com/exec/obidos/ISBN=0596007647/cafeaulaitA/ref=nosim

