[wp-testers] [wp-hackers] WordPress 3.0.2

Trent Martin trentmar at gmail.com
Thu Dec 2 20:23:22 UTC 2010


I totally agree on the urgency of a security update, except for this:

1. It isn't just a security update, it contains a number of other bug fixes;
11 core files were modified.

2. They thanked the guy who reported it for responsible disclosure which
usually means he would give them time to fix it before making it public,
which he did.

3. It certainly must have taken at least a day or two to fix, test, prepare,
and package an official release so there certainly was enough time to at
least give us a courtesy heads up that an update was imminent.

4. This isn't the first time they have done a surprise release.

I realize this update probably won't break anything, but we still have to go
through a full test run anyway. I certainly do appreciate the work the
WordPress team is doing but I wanted to express my voice as a plugin
developer.


So what I would like to know is what I should monitor to get the earliest
and most consistent notification of updates?


TM


On Thu, Dec 2, 2010 at 12:12 PM, Jason LeVan <jason at codeclarified.com> wrote:

> First, exactly what scribu said.
>
> Second, given the exact nature of the security issue this release fixes, and
> the mention that end-users will blindly upgrade without considering that
> they may break plugins, themes, etc - this update is even more necessary, as
> it could allow lower level users to run updates (or perform more malevolent
> actions). If this was not patched, then as 3.1 was released, an author on a
> blog could update from 3.0.x to 3.1, and break something. I'd rather the
> list of people able to 'break' the installation be as short as possible
> (just admins) rather than including all author level users.
> ___________________________________
>
> Jason LeVan
>
> Email: jason at codeclarified.com
>
> Twitter: @codeclarified
>
>
>
> On Thu, Dec 2, 2010 at 2:05 PM, scribu <mail at scribu.net> wrote:
>
> > This was a security update, so it had to be released as soon as possible.
> >
> > Also, point releases such as 3.0.1 and 3.0.2 do not bring major changes, so
> > all themes and plugins should work just fine.
> > _______________________________________________
> > wp-testers mailing list
> > wp-testers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-testers
> >

