[wp-hackers] Security Releases Proposal

Lloyd Budd lloydomattic at gmail.com
Mon Jun 11 18:40:17 GMT 2007


I have read a lot of feedback about WordPress 2.2, and it is largely
very positive!

I think for the future it is important to maintain (severe) security
releases for the previous version until at least after feedback is
received on the first maintenance release of the new version.

For example, step in my time machine:
2.1.4 would have been released if new severe security issues, instead
of focusing that we were really close to releasing 2.2 and that it
addressed the issue.
2.2 released
2.1.n released if any new severe security issue
2.2.1 released
2.1.n released if any new severe security issue, waiting on feedback
regarding 2.2.1 then retire 2.1 branch.

This may feel like quite a bit of additional work, but it should be
manageable by only addressing severe security issues. On our short
development cycle this also gives theme and plugin authors time to

I think this will better match what WordPressers want.

What do you think?

Thank you,
Lloyd Budd | Digital Entomologist | 250-885-1744
WordPress.com | WordPress.org | Automattic.com
