[wp-hackers] WordPress 3.0.3

Eric Mann eric at eam.me
Wed Dec 8 20:50:27 UTC 2010


Maybe we should add a feature where WordPress could auto-update security
releases silently.  Since they're patches to plug vulnerabilities in core,
they don't affect the APIs used by plug-ins or themes.  I know you have to
put some thought in doing a major version update (i.e. 3.0.X to 3.1) because
new features and changed APIs might break certain things on your site ...
but a security release doesn't have that, and (arguably) is more important
as an urgent update.

Windows will auto-install security updates.  So will Mac.  With WordPress
being depended on more and more as an intranet/blog/internet/cms operating
system, it only makes sense that vital updates should be capable of
automation.  Then we wouldn't have to worry about the non-techies ignoring
the security updates.  We'd also have fewer "my blog was hacked because I
waited a week to upgrade to plug a well-documented security hole in my site"
support requests.

On Wed, Dec 8, 2010 at 12:41 PM, Vid Luther <vid at zippykid.com> wrote:

> In my personal experience most non techies ignore software updates.
> They've been trained by IT folks and Windows that an update may break
> something, so they don't upgrade.
>
>
> But, I think Mitch wanted to know the triage process.
>
>
> > Alexander Hempton-Smith December 8, 2010 2:39 PM:
> >
> > Although I agree a published explanation of the importance is a great
> > idea; with our 1-click upgrade built into core I'm surprised there's
> > an issue.
> >
> > I don't imagine many users have a problem installing software updates
> > on their computers... Or maybe they do!?
> >
> > -- Alex
> >
> > Sent from my iPhone
> >
> > On 8 Dec 2010, at 20:35, Blue Chives <info at bluechives.com> wrote:
> >
> >> An explanation would be a great idea, especially to help us when
> >> dealing with recent converts.
> >>
> >> Cheers
> >>
> >> John.
> >>
> >> On 8 Dec 2010, at 20:31, Mitch Canter <mitch at mitchcanter.com> wrote:
> >>
> >>> On a bit of a related subject, I have a question.  Is there an online
> >>> resource with the step-by-step of (or could someone enlighten the process
> >>> of) how a Security Release rolls out from start to finish? There are a lot
> >>> of users that are questioning the need for 2 releases in such a short time
> >>> and having a detailed explanation (I think) would serve as a fantastic
> >>> resource as to the why (and not just to "here's a new release go download
> >>> it" which may offput some users).
> >>>
> >>> Mitch C
> >>>
> >>>> From: wp at andrewnacin.com
> >>>> Date: Wed, 8 Dec 2010 14:21:55 -0500
> >>>> To: wp-hackers at lists.automattic.com
> >>>> Subject: Re: [wp-hackers] WordPress 3.0.3
> >>>>
> >>>> On Wed, Dec 8, 2010 at 2:16 PM, Milan Dinić <liste at srpski.biz> wrote:
> >>>>
> >>>>>> I'd advise you to update your plugin compatibility as appropriate.
> >>>>>> Plugins should be unaffected by this release.
> >>>>> I see that now when you mark a plugin as compatible with one version,
> >>>>> all versions from that branch will be reported as compatible.
> >>>>>
> >>>>> For example, plugins that are marked as compatible with 3.0, 3.0.1
> >>>>> and 3.0.2 are now marked as compatible up to 3.0.3.
> >>>> This isn't always going to be the case, but I do agree there is room
> >>>> for improvement here.
> >>>>
> >>>> We're going to work on a way to cause the plugin compatibility system
> >>>> to treat certain releases (those we manually specify) as equal.
> >>>>
> >>>> Nacin
> >>>> _______________________________________________
> >>>> wp-hackers mailing list
> >>>> wp-hackers at lists.automattic.com
> >>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
> > ------------------------------------------------------------------------
> >
> > Milan Dinić December 8, 2010 1:16 PM:
> >
> >> I'd advise you to update your plugin compatibility as appropriate.
> >> Plugins should be unaffected by this release.
> >
> >
> > I see that now when you mark a plugin as compatible with one version, all
> > versions from that branch will be reported as compatible.
> >
> > For example, plugins that are marked as compatible with 3.0, 3.0.1 and
> > 3.0.2 are now marked as compatible up to 3.0.3.
> >
> > 2010/12/8 Andrew Nacin <nacin at wordpress.org>
> >
> >> WordPress 3.0.3 has been released. This is a security release for all
> >> previous WordPress versions.
> >>
> >> This release fixes issues in XML-RPC which under certain circumstances
> >> allowed Author- and Contributor-level users to improperly edit, publish,
> >> or delete posts. This release only affects sites which have XML-RPC
> >> enabled.
> >>
> >> Those wishing to continue to test the 3.1 Beta, please note that the
> >> current nightly build contains the fixes that were included in 3.0.3.
> >>
> >> I'd advise you to update your plugin compatibility as appropriate.
> >> Plugins should be unaffected by this release.
> >>
> >> Release announcement:
> >> http://wordpress.org/news/2010/12/wordpress-3-0-3/.
> >>
> >> Thanks,
> >>
> >>  Andrew Nacin
> >> Core Developer
> >> WordPress.org

