[wp-hackers] Community Views on Now and the Future

Ryan Boren ryan at boren.nu
Sat Mar 4 23:59:04 GMT 2006

steve caturan wrote:
> greetings,
> i'm more of a lurker, not a programmer or a web developer. :)
> i think the WordPress platform would benefit if it were to undergo a 
> security audit by an independent contractor like Gulf Tech Research 
> and/or Netcraft - these folks have eyes that are trained differently 
> (imho), unmatched experience & have tools that can point out weak points 
> that can be exploited and overlooked - no, not to undermine the existing 
> efforts being made. not necessarily a line-by-line code auditing like 
> the OpenBSD project does.

That costs money.  Maybe Automattic can pay for that, I don't know, but 
it's not as if we've got a money printing press.  Regardless of hiring 
someone, a community security effort would be nice.  My one previous 
attempt to get something going fizzled and died.

> also, I'm wondering if the project has plans to release patch files as 
> an alternative to downloading entire packages just to get a bump from, 
> say 2.0 to 2.0.1 - a simple patch -p0 -s < patchfile would really help 
> speed up the process for those mainting 100s of WordPress blogs, like 
> myself. why does WordPress have to include *new* features for revisions? 
> why not just release something like 2.0.1 to address bug fixes, nothing 
> more?

Creating diffs between subversion branches is trivially easy.  I've 
always figured those who can apply patches would generate their own 
diffs.  Maybe we can supply diffs.  It's pretty cheap to do even for 
such a limited audience.

svn diff http://svn.automattic.com/wordpress/tags/2.0/ 

> i also think the WordPress project should maintain both development & 
> support channels, separately. and that more core developers & testing 
> folks should be part of it, at least the ones that can make a genuine 
> commitment, not just lip service.

We already have mailing lists for development and testing and forums for 
support.  Do you mean a support mailing list in addition to the forums?

I read the support forums every day.  I don't post very often, but I'm 
usually lurking about trying to judge the zeitgeist and seeing what 
things are being requested.


More information about the wp-hackers mailing list