[wp-hackers] [Fwd: Re: Wordpress 1.2.2 is still vulnerable] && Bugs In WordPress
Matthew Mullenweg
m at mullenweg.com
Wed Dec 22 09:45:54 UTC 2004
Brian Puccio wrote:
> That's from way back in September (also, he said he emailed Matt, but
> didn't get a response, in Matt's defense, I believe that's when he was
> moving to take on his new job.)
We already covered this, I never received an email from him. I did
receive emails from him later.
> It seems to me that this guy has quite a knack for finding exploits.
> Any of the higher ups (not sure of the hierarchy of WordPress, not sure
> who runs what, who has CVS access, etc) ever think of sending him an
> email and asking him for some help?
1.2.2 was sent to him before it was released. He didn't mention this, so
we either need to update the download or release a new version.
> Fourth, is the bug tracker to be used for plugins as well, if so, can
> each plugin be given their own project so we can easily see what
> problems are affecting WordPress and what is affecting someone else's
> code? Example:
Plugins in the plugin repository can use that bug tracker, each bug can
be filed under an author and is automatically assigned to its author.
http://dev.wp-plugins.org/newticket
> Sixth, over-exaggerated severity. Everyone thinks the one bug they've
> found is of the utmost importance. But when a link in the documentation
> is deemed major, what would one consider the bugs that Thomas Waldegger
> finds? Majorly Major? (Maybe we should have a yellow alert, orange
> alert sort of system, eh?)
I would support a fruit-based system: pears, kiwis, bananas, oranges,
apples.
--
Matt Mullenweg
http://photomatt.net | http://wordpress.org
http://pingomatic.com | http://cnet.com