[wp-testers] [wp-hackers] WordPress 3.0.2

Pete Mall pete at jointforcestech.com
Thu Dec 2 20:33:05 UTC 2010


> It certainly must have taken at least a day or two to fix, test, prepare,
> and package an official release so there certainly was enough time to at
> least give us a courtesy heads up that an update was imminent.

It took 4 hours from full disclosure to release. If you follow the commits
to the current stable branch and you see a version bump then that's a good
sign that an update is coming.


On Thu, Dec 2, 2010 at 12:23 PM, Trent Martin <trentmar at gmail.com> wrote:

> I totally agree on the urgency of a security update, except for this:
>
> 1. It isn't just a security update, it contains a number of other bug
> fixes; 11 core files were modified.
>
> 2. They thanked the guy who reported it for responsible disclosure which
> usually means he would give them time to fix it before making it public,
> which he did.
>
> 3. It certainly must have taken at least a day or two to fix, test,
> prepare, and package an official release so there certainly was enough
> time to at least give us a courtesy heads up that an update was imminent.
>
> 4. This isn't the first time they have done a surprise release.
>
> I realize this update probably won't break anything, but we still have to
> go through a full test run anyway. I certainly do appreciate the work the
> WordPress team is doing but I wanted to express my voice as plugin
> developer.
>
>
> So what I would like to know is what I should monitor to get the earliest
> and most consistent notification of updates?
>
>
> TM
>
>
> On Thu, Dec 2, 2010 at 12:12 PM, Jason LeVan <jason at codeclarified.com> wrote:
>
> > First, exactly what scribu said.
> >
> > Second, given the exact nature of the security issue this release fixes,
> > and the mention that end-users will blindly upgrade without considering
> > that they may break plugins, themes, etc - this update is even more
> > necessary, as it could allow lower level users to run updates (or perform
> > more malevolent actions). If this was not patched, then as 3.1 was
> > released, an author on a blog could update from 3.0.x to 3.1, and break
> > something. I'd rather the list of people able to 'break' the installation
> > be as short as possible (just admins) rather than including all author
> > level users.
> > ___________________________________
> >
> > Jason LeVan
> >
> > Email: jason at codeclarified.com
> >
> > Twitter: @codeclarified
> >
> >
> >
> > On Thu, Dec 2, 2010 at 2:05 PM, scribu <mail at scribu.net> wrote:
> >
> > > This was a security update, so it had to be released as soon as possible.
> > >
> > > Also, point releases such as 3.0.1 and 3.0.2 do not bring major changes, so
> > > all themes and plugins should work just fine.
> > > _______________________________________________
> > > wp-testers mailing list
> > > wp-testers at lists.automattic.com
> > > http://lists.automattic.com/mailman/listinfo/wp-testers