Scott Merrill skippy at skippy.net
Fri May 27 16:38:51 GMT 2005

Matthew Mullenweg wrote:
> Scott Merrill wrote:
>> Is a formal announcement pending, or are all WP users going to be
>> expected to manually visit /download/ on a regular basis to check for
>> the latest version?
> Obviously something very important came up that necessitated a release,
> and we wanted to double-check the fix before making a formal
> announcement. The timeline is Report -> 40 minutes -> Release -> next
> morning -> announcment. The code wasn't able to be immediately reviewed
> last night because it was 12 AM on the west coast and most of the other
> devs had already gone to be for the night. Thank you for your
> attentiveness, but a little benefit of the doubt at times would be
> appreciated too.

Matt: I give you benefit of the doubt all the time.
This isn't a personal attack on you: it was a question about procedure.

I understand the need to get fixes out; but I don't think un-documented
releases provide much value to users.  Worse still, the /download/ page
has conflicting version numbers: the headline reads, while the
body text reads

"Old guard" and newbies alike are left scratching their heads.

Is there a body of WordPress contributors you trust enough to form a
Security Team?  Between all of us, I'm sure a reasonable selection of
qualified participants can be available to review urgent items like
this, and to help draft update notifications.

skippy at skippy.net | http://skippy.net/

gpg --keyserver pgp.mit.edu --recv-keys 9CFA4B35
506C F8BB 17AE 8A05 0B49  3544 476A 7DEC 9CFA 4B35

More information about the wp-hackers mailing list