[wp-hackers] Richer metadata for plugin versions

Ryann Micua ryannmicua at gmail.com
Thu Jul 12 01:56:05 UTC 2012

sounds nice..

but, isn't this what the upgrade notice tag is for?

if devs can't be forced to use the upgrade notice tag, what's going to 
make the security tag any different?

and if this is made compulsory, what's going to stop devs from just 
listing all versions under the secure tag?

also, most users don't usually install "old" versions unless they need 
one to be compatible with their installed wp version for server 
compatibility reasons (php4)

So, Otto's point is, if a plugin has the following versions: 2.1, 2.2, 
2.3, 2.4 and version 2.3 is marked as a security update but the latest 
version 2.4 isn't, then that's sort of like saying "it's okay not to 
update to v2.4"

and as I've mentioned before, if the dev were to tag the latest version 
2.4 as a security update (if he was kind enough to), then the dev could 
just as easily have done it using the Upgrade Notice tag..

and if this were made compulsory, then what's going to stop a dev from 
listing every version as secure? and when that becomes an issue, I'm 
pretty sure someone will come up with a new scheme to make it *easy* for 
users to make *intelligent* decisions..

> If the plugin
> update is marked as a security update, then that gives me extra
> information to persuade me to upgrade *sooner* rather than later.

> Here's a way to make them compulsory - have two tags in the readme.txt,
> "Secure versions" and "Insecure versions". The plugin author would have
> to list every version in one of the two. An unlisted version would not
> be offered up by the WordPress plugins directory (and insecure ones
> could be removed or made harder to reach).

*Ryann Micua*
/Web Developer/

Website: /www.pogidude.com/
Skype: /rmicua/
Mobile: /+639169273059/
