[wp-hackers] Plugin update & security / privacy
mark.wordpress at txfx.net
Sun Sep 23 21:54:25 GMT 2007
On Sep 23, 2007, at 3:35 PM, Matt Mullenweg wrote:
> I think this feature is actually going to dramatically improve the
> security of WordPress overall. We all saw the survey that 95% of WP
> blogs were vulnerable. That didn't even look a plugins. I think the
> survey was flawed, but you still can't deny that for most people
> knowing there is an update and actually updating just doesn't
> happen, and this is a necessary first step. If the only "trade-off"
> is sending an ALREADY PUBLIC blog URL to wordpress.org, then great!
Back up a minute. Why is the blog URL needed? The update
notification functionality works fine without it. You don't need it
for statistics purposes -- wp_hash('update-notification') 's output
would be just as unique. How do users benefit by sending their blog
URL? I think the onus is on us to show why it is necessary or
beneficial. If we can't, it shouldn't be there.
Covered Web Services
WordPress Ninja @ b5media Inc
More information about the wp-hackers