[wp-hackers] Community Views on Now and the Future
ryan at boren.nu
Sat Mar 4 23:59:04 GMT 2006
steve caturan wrote:
> i'm more of a lurker, not a programmer or a web developer. :)
> i think the WordPress platform would benefit if it were to undergo a
> security audit by an independent contractor like Gulf Tech Research
> and/or Netcraft - these folks have eyes that are trained differently
> (imho), unmatched experience & have tools that can point out weak points
> that can be exploited and overlooked - no, not to undermine the existing
> efforts being made. not necessarily a line-by-line code auditing like
> the OpenBSD project does.
That costs money. Maybe Automattic can pay for that, I don't know, but
it's not as if we've got a money printing press. Regardless of hiring
someone, a community security effort would be nice. My one previous
attempt to get something going fizzled and died.
> also, I'm wondering if the project has plans to release patch files as
> an alternative to downloading entire packages just to get a bump from,
> say 2.0 to 2.0.1 - a simple patch -p0 -s < patchfile would really help
> speed up the process for those mainting 100s of WordPress blogs, like
> myself. why does WordPress have to include *new* features for revisions?
> why not just release something like 2.0.1 to address bug fixes, nothing
Creating diffs between subversion branches is trivially easy. I've
always figured those who can apply patches would generate their own
diffs. Maybe we can supply diffs. It's pretty cheap to do even for
such a limited audience.
svn diff http://svn.automattic.com/wordpress/tags/2.0/
> i also think the WordPress project should maintain both development &
> support channels, separately. and that more core developers & testing
> folks should be part of it, at least the ones that can make a genuine
> commitment, not just lip service.
We already have mailing lists for development and testing and forums for
support. Do you mean a support mailing list in addition to the forums?
I read the support forums every day. I don't post very often, but I'm
usually lurking about trying to judge the zeitgeist and seeing what
things are being requested.
More information about the wp-hackers