[wp-hackers] [Fwd: Re: Wordpress 1.2.2 is still vulnerable] && Bugs In WordPress

Matthew Mullenweg m at mullenweg.com
Wed Dec 22 09:45:54 UTC 2004


Brian Puccio wrote:
> That's from way back in September (also, he said he emailed Matt, but
> didn't get a response, in Matt's defense, I believe that's when he was
> moving to take on his new job.)

We already covered this; I never received an email from him. I did 
receive emails from him later.

> It seems to me that this guy has quite a knack for finding exploits.
> Any of the higher ups (not sure of the hierarchy of WordPress, not sure
> who runs what, who has CVS access, etc) ever think of sending him an
> email and asking him for some help?

1.2.2 was sent to him before it was released. He didn't mention this, so 
we either need to update the download or release a new version.

> Fourth, is the bug tracker to be used for plugins as well, if so, can
> each plugin be given their own project so we can easily see what
> problems are affecting WordPress and what is affecting someone else's
> code?  Example:

Plugins in the plugin repository can use that bug tracker; each bug can 
be filed under an author and is automatically assigned to its author.

http://dev.wp-plugins.org/newticket

> Sixth, over-exaggerated severity.  Everyone thinks the one bug they've
> found is of the utmost importance.  But when a link in the documentation
> is deemed major, what would one consider the bugs that Thomas Waldegger
> finds?  Majorly Major?  (Maybe we should have a yellow alert, orange
> alert sort of system, eh?)

I would support a fruit-based system: pears, kiwis, bananas, oranges, 
apples.

-- 
Matt Mullenweg
  http://photomatt.net | http://wordpress.org
http://pingomatic.com | http://cnet.com


