[wp-trac] [WordPress Trac] #23394: Remove version from readme.html / Upgrade core doesn't restore the file

WordPress Trac noreply at wordpress.org
Tue Apr 12 11:02:22 UTC 2016


#23394: Remove version from readme.html / Upgrade core doesn't restore the file
---------------------------+----------------------
 Reporter:  momo360modena  |       Owner:
     Type:  enhancement    |      Status:  closed
 Priority:  normal         |   Milestone:
Component:  Security       |     Version:
 Severity:  normal         |  Resolution:  wontfix
 Keywords:                 |     Focuses:
---------------------------+----------------------

Comment (by RedSand):

 Replying to [comment:18 rmccue]:
 > Replying to [comment:17 RedSand]:
 > > I took ''several hours'' of my life to write it...people can take a
 > > ''few minutes'' out of their life to read what I wrote.
 >
 > If you spent months writing a book about this topic, that would be
 > impressive...

 I would hope that it would not require writing a book on the topic to get
 the core team to follow security best practices. :)

 > ...but it would still be inappropriate for a comment on Trac.

 If that's true then technical limitations should be set in place to
 prevent long comments.

 Also, if that's true, then it should be considered inappropriate for core
 team responders to instantly shut users down without really considering
 their points, or admitting that they need to research the topic. It forces
 us to write long comments to prove the point.

 > Consider that your comment is not the only one left on Trac today, nor
 > is reading Trac the only thing we need to do.

 Yes, I understand. While I do appreciate your hard work, we're all in the
 exact same situation.

 With each new release of WordPress, we have to check our plugins for
 compatibility, potential new security issues, and make sure nothing gets
 broken or compromised by the new release. With each new major release in
 the last couple years (and all but the most recent minor releases),
 vulnerabilities have been discovered within weeks, so please understand
 why I'm pushing for some change here.

 > Having gigantic comments makes it harder to keep on top of what's
 > happening, and I don't think any of us have the mental space to keep track
 > of all of it even when comments are succinct.

 I understand. But keep in mind that we have to protect our clients'
 websites from security issues, and when WordPress devs don't follow all
 best-practices, it requires a lot of extra work for those of us tasked
 with protecting people's websites, businesses, and livelihoods. We have to
 do a lot of extra research, coding, and testing to create additional
 layers of security to compensate. You talk about mental space...I
 understand...we get extremely exhausted too. :)

 > I think you've also mischaracterised my involvement in WordPress; I am a
 > guest committer, and am not on the security team, nor a lead developer. My
 > time spent here is also voluntary. If you have security concerns, you
 > should email security at wordpress.org with them. I merely dropped in to
 > mention that your comment is probably too long to be digestible.

 I understand. This particular issue is something that people have been
 bringing up for years. I think it's better discussed publicly because
 WordPress is open source, and the published process is to use the bug
 tracker ticket system. However, I will email security as well.

 > I also find the tone you've replied with here to be inappropriate. I'm
 > trying to help you get your concerns across, and instead you've attacked
 > me. Let's keep calm and discuss this. :)

 I think you misinterpret my tone. I apologize if anything I said was
 perceived as an attack. I think you may be confusing "disagree" and
 "challenge" with "attack". I certainly didn't intend to attack you. :)
 Notice there was no name calling, derogatory anything...I was just
 pointing out that the overall process tends to run people in circles, and
 exasperate those who report issues. At no point did I have any negative
 feelings toward you, disrespect, or intend insult. :)

 Disagreement, or pointing out problems with how things are being handled
 should not be discouraged, though.

 As noted in my "research paper" comment, I have nothing but love and
 respect for all you guys. I'm a blunt person. Sometimes I use sarcasm,
 especially when needing to break up a dry topic like this. No offense is
 meant. I can have conversations where I disagree with people, but at the
 same time have nothing but the utmost of respect for them.

 If it isn't clear, I'll say again:
 * WordPress is the best CMS out there.
 * I have nothing but love and respect for the WordPress devs, and all
 involved.
 * I can disagree with you and point out a flaw without disliking you or
 being angry at you.
 * I only invest my time in things that I care about.
 * I'm trying to help improve WordPress.
 * You all are brilliant, talented, and changing the world...keep doing
 great things.

 That means you, @rmccue :)

--
Ticket URL: <https://core.trac.wordpress.org/ticket/23394#comment:19>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

