[wp-hackers] Plugin update & security / privacy
lists07 at wiltgen.net
Tue Sep 25 03:11:58 GMT 2007
>> Also, with the 2.3 release looming, I think it would be nice to
>> know if this issue is blocking or not. I have seen no posts on
>> the development blog one way or another on the matter.
> Matt clearly stated, and I'm too lazy to search the mail, that there
> will be no changes whatsoever, and I'm free to change the software,
> deactivate the whole function or start a fork.
That was his response to me as well. I offered what I thought were some reasonable alternatives to ignoring the real issue:
- If you "need" this data for some amazing feature that's only in your head, then you need to open the kimono now. Otherwise, it just seems sneaky and underhanded.
- Be careful about suggesting that people fork WordPress for privacy purposes. It won't take much for a Cory Doctorow to lead the charge to "take back WordPress".
- Here's what people will want to see from you: "This is a good conversation. Yes, we should only be collecting information that's absolutely necessary to enable features, and even then on an opt-in basis. If there's ever a need to collect more, then we'll deal with that in an update rather than trying to pre-optimize for scenarios that we can only guess about now."
Whoever thought it was okay to push out 2.3 without resolving this privacy issue needs to have the keys taken away. For the "real" products I'm involved with, that person would find a security guard with a box waiting for them in the morning.
I don't expect this question to be answered, which is sad.