> It certainly must have taken at least a day or two to fix, test, prepare, and package an official release so there certainly was enough time to at least give us a courtesy heads up that an update was imminent.

It took 4 hours from full disclosure to release. If you follow the commits to the current stable branch and you see a version bump then that's a good sign that an update is coming.

On Thu, Dec 2, 2010 at 12:23 PM, Trent Martin <[email protected]> wrote:
> I totally agree on the urgency of a security update, except for this:
>
> 1. It isn't just a security update, it contains a number of other bug fixes; 11 core files were modified.
>
> 2. They thanked the guy who reported it for responsible disclosure which usually means he would give them time to fix it before making it public, which he did.
>
> 3. It certainly must have taken at least a day or two to fix, test, prepare, and package an official release so there certainly was enough time to at least give us a courtesy heads up that an update was imminent.
>
> 4. This isn't the first time they have done a surprise release.
>
> I realize this update probably won't break anything, but we still have to go through a full test run anyway. I certainly do appreciate the work the WordPress team is doing but I wanted to express my voice as plugin developer.
>
> So what I would like to know is what I should monitor to get the earliest and most consistent notification of updates?
>
> TM
>
> On Thu, Dec 2, 2010 at 12:12 PM, Jason LeVan <[email protected]> wrote:
>
> > First, exactly what scribu said.
> >
> > Second, given the exact nature of the security issue this release fixes, and the mention that end-users will blindly upgrade without considering that they may break plugins, themes, etc - this update is even more necessary, as it could allow lower level users to run updates (or perform more malevolent actions). If this was not patched, then as 3.1 was released, an author on a blog could update from 3.0.x to 3.1, and break something. I'd rather the list of people able to 'break' the installation be as short as possible (just admins) rather than including all author level users.
> > ___________________________________
> >
> > Jason LeVan
> >
> > Email: [email protected]
> >
> > Twitter: @codeclarified
> >
> > On Thu, Dec 2, 2010 at 2:05 PM, scribu <[email protected]> wrote:
> >
> > > This was a security update, so it had to be released as soon as possible.
> > >
> > > Also, point releases such as 3.0.1 and 3.0.2 do not bring major changes, so all themes and plugins should work just fine.
> > > _______________________________________________
> > > wp-testers mailing list
> > > [email protected]
> > > http://lists.automattic.com/mailman/listinfo/wp-testers
