I totally agree on the urgency of a security update, except for this:

1. It isn't just a security update, it contains a number of other bug fixes; 11 core files were modified.
2. They thanked the guy who reported it for responsible disclosure, which usually means he would give them time to fix it before making it public, which he did.
3. It certainly must have taken at least a day or two to fix, test, prepare, and package an official release, so there certainly was enough time to at least give us a courtesy heads up that an update was imminent.
4. This isn't the first time they have done a surprise release.

I realize this update probably won't break anything, but we still have to go through a full test run anyway. I certainly do appreciate the work the WordPress team is doing but I wanted to express my voice as a plugin developer.

So what I would like to know is what I should monitor to get the earliest and most consistent notification of updates?

TM

On Thu, Dec 2, 2010 at 12:12 PM, Jason LeVan <[email protected]> wrote:

> First, exactly what scribu said.
>
> Second, given the exact nature of the security issue this release fixes, and
> the mention that end-users will blindly upgrade without considering that
> they may break plugins, themes, etc - this update is even more necessary, as
> it could allow lower level users to run updates (or perform more malevolent
> actions). If this was not patched, then as 3.1 was released, an author on a
> blog could update from 3.0.x to 3.1, and break something. I'd rather the
> list of people able to 'break' the installation be as short as possible
> (just admins) rather than including all author level users.
> ___________________________________
>
> Jason LeVan
>
> Email: [email protected]
>
> Twitter: @codeclarified
>
> On Thu, Dec 2, 2010 at 2:05 PM, scribu <[email protected]> wrote:
>
> > This was a security update, so it had to be released as soon as possible.
> >
> > Also, point releases such as 3.0.1 and 3.0.2 do not bring major changes, so
> > all themes and plugins should work just fine.
> > _______________________________________________
> > wp-testers mailing list
> > [email protected]
> > http://lists.automattic.com/mailman/listinfo/wp-testers
