[wp-hackers] Security at Wordpress

Robert Deaton false.hopes at gmail.com
Mon Apr 24 14:50:17 GMT 2006

On 4/24/06, Elliotte Harold <elharo at metalab.unc.edu> wrote:
> Owen Winkler wrote:
> > Strange that all of the POST proponents hadn't written a patch for this
> > already - it might have been less overall work than the bluster they've
> > created, and it might already have been committed by now.
> Let me repeat myself: experience has taught me that writing patches for
> design flaws is a complete waste of time until the maintainers recognize
> the flaw. While simple fixes for obvious bugs are usually accepted, and
> feature additions are sometimes accepted, architectural changes are
> almost never accepted. This isn't WordPress specific by any means. This
> is a general rule in most open source projects.

For the rest of the contributors to the WordPress project, we have
learned from years of experience that code speaks louder than words,
and 99% of the time, if you want something in, you have to at least
write a preliminary patch.

> At such time as the maintainers decide they want to use POST where
> appropriate, then it makes sense to invest time in creating a patch.
> Until then, the question is not whether to submit a patch. It's whether
> to live with the flaw or fork the project. I personally haven't decided
> yet. Forking is a big step, but not out of the question. I've got a
> growing list of problems with WordPress that can likely only be
> addressed in a separate development branch. I'd certainly prefer not to
> go to all the expense and trouble of maintaining a fork. It's not like I
> don't have enough unpaid work already; but if the list keeps growing
> then forking may become inevitable.

The question should be "if my patch doesn't get accepted for the wrong
reasons", what should I do from there?

> I've already made a few changes in the code for my personal sites. The
> more changes I make and the further my own codebase diverges from the
> official codebase, the more sense it makes to publish the whole thing,
> and make it official.

Have fun.

--Robert Deaton
