[wp-hackers] Plugin update & security / privacy
computerguru at neosmart.net
Mon Sep 24 21:13:09 GMT 2007
> -----Original Message-----
> From: wp-hackers-bounces at lists.automattic.com [mailto:wp-hackers-
> bounces at lists.automattic.com] On Behalf Of Otto
> Sent: Monday, September 24, 2007 11:58 PM
> To: wp-hackers at lists.automattic.com
> Subject: Re: [wp-hackers] Plugin update & security / privacy
> I fail to grasp your argument. The reasons for the data being sent are
> straightforward and obvious, to notify the blogger about upgrades
> being available for both WordPress and plugins. With all the security
> issues lately, and so many people bitchin' about WordPress having
> security problems, then keeping people in the know about upgrades is
> an important thing to do.
I guess I mustn't have been very clear: I have no problem per-say with what's being sent, only how it's done and what's said about it.
I'm sorry, but even notifying people about upgrades doesn't stop their installs from being insecure. The sheer number of posts on Planet and everywhere else aren’t that different from anything...
And there are a million ways of doing this without sending any info (getting the remote version and *locally* comparing it and seeing if an update is needed), but that's not my point.
My ONLY point is with the lack of a visible option to disable this functionality, and why someone seems to think it's OK for WP to do this silently and secretly and it's not for other companies/software/organizations. (and, no, just because you can name someone else that does it doesn't make it OK :-)
More information about the wp-hackers