[wp-hackers] Wordpress Cookie Authentication Vulnerability

Abel Cheung abelcheung at gmail.com
Sun Nov 25 10:30:46 GMT 2007


On Nov 24, 2007 4:27 AM, Matt Mullenweg <m at mullenweg.com> wrote:
> > security at wordpress.org is. Aliased to Matt, is it? That's the only
> > logical conclusion I can come up with.
>
> Thanks for your confidence, but the alias goes to all core devs, as it
> has for years. As the other thread said, please refrain from personal
> snipes.

I really don't want to. But given lack of any response to quite some
of security issues, having security@ is not much different from
no such email email at all, thus I can't help thinking that way.

In some sense security related address is equally important for public
announcement, not just being the receiving side. For reference,
see how php-nuke behaves in this area.

Abel

>
> --
> Matt Mullenweg
>   http://photomatt.net | http://wordpress.org
> http://automattic.com | http://akismet.com
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>



-- 
Abel Cheung   (GPG Key: 0xC67186FF)
Key fingerprint: 671C C7AE EFB5 110C D6D1  41EE 4152 E1F1 C671 86FF
--------------------------------------------------------------------
* My own cave: http://me.abelcheung.org/
* Opensource Application Knowledge Assoc. - http://oaka.org/


More information about the wp-hackers mailing list