[wp-hackers] Development Process

[Robert Deaton]

Before this gets dismissed, this is not another "the funnel is too
small, give someone else commit access" e-mails.

As you all might've seen, a lot of FUD has been going around lately,
about a critical vulnerability. People are worried, some of the people
like DrDave love to post it to their blogs and upset the world.
Granted, I think this is the entirely wrong way to handle things, but
as long as things keep going like they're going, I'm sure people will
continue doing things like this.

Security e-mails appear to their reporters to be ignored. As I
understand it in the past, a lot of crap gets sent through to
security at wordpress.org, and obviously it must get rather frustrating
and tiring for Matt and Ryan to have to read through these e-mails,
possibly even leaving a legit threat in the stack of crap e-mails.
(I'm trying to think of any way to explain something other than these
mails are just ignored here, work with me). At any rate, something
isn't working. Security patches aren't being reviewed and committed
fast enough, and people like to make noise about it, a huge PR
disaster.

So, basically, I think we need to come together and figure out the
best course of action to ensure that things don't keep going astray
like this. Perhaps a person or a team of trusted people to sort
through the security e-mails, create a proper patch, and have some way
to contact Matt and Ryan more quickly and reliably than one of these
lists to get the information to them. Maybe there's another, better
course of action I haven't thought of yet? Whatever is done, I hope
that this isn't just another pointless flame-thread. Responses?

-- 
--Robert Deaton