[wp-hackers] Summary of the update security & privacy discussion

Travis Snoozy ai2097 at users.sourceforge.net
Tue Sep 25 23:15:04 GMT 2007


On Tue, 25 Sep 2007 22:50:16 +0100, Callum Macdonald
<lists.automattic.com at callum-macdonald.com> wrote:

> G'day,
> 
> There are currently 112 messages on the Plugin update & security / 
> privacy thread. Would anyone care to give a _neutral_ and _unbiased_ 
> summary of the discussion?

I've attempted to stick to matters of fact. I admit my knowledge is not
complete, and mark such sections where I know this to be the case.
Statements with a side attached are marked for (P)ro (the current
implementation is fair and reasonable), (C)on (the current
implementation should be changed), (B)oth (the fact could be used
to argue either way), and (N)either (the fact makes no difference to
whether a change in the code should be made at some point, but may
have otherwise been relevant to -this release-).

I have tried to group topically relevant facts together, and
limited myself to the most prominent/frequent topics I could recall
(which, of course, may introduce my personal bias). If anybody thinks
they do smell a bias, let me know. :)


  * B: The update feature is very important

  * C: Information is being transmitted that is not strictly necessary
to provide the service

  * B: The non-necessary information could be used for something in the
future

  * P: Information is not being stored

  * C: Information could possibly be stored

  * P: Plugins are available to disable the feature entirely

  * P: It is possible to send fake data (URL, more plugin details than
are needed) and still utilize the service

  * C: There is no method in the core UI to disable transmission of
extra data (e.g., in the "privacy" tab)

  * B: Blog URLs are transmitted, allowing for statistical analysis

  * C: There [was] no information collection disclosure

  * P: A disclosure was made in the release post

  * C: There [was] no privacy/usage policy

  * P: A privacy policy has been added to wordpress.org

  * (Unknown: How users are informed of the privacy policy.)

  * N: The complaints came very, very late in the RC. The feature was
added several weeks prior.

  * (Unknown: When, where and if the implementation was discussed;
which stakeholders were present, if any.)

  * P: There are other ways to implement the update functionality



-- 
Travis

