[wp-hackers] WordPress 3.0.3
Eric Mann
eric at eam.me
Wed Dec 8 21:06:22 UTC 2010
I think it should be an option that is disabled by default. Then, if/when a
security/maintenance fix is published we could expose an "install future
maintenance releases automatically" option in the UI if it's not already
enabled. This way, it's highly unlikely someone who doesn't know what
they're doing will turn it on by mistake.
The Wordpress => WordPress filter is a filter ... meaning it's an
API/feature change. Filters, hooks, etc wouldn't be included in
security/maintenance releases, only major ones.
On Wed, Dec 8, 2010 at 12:56 PM, Blue Chives <info at bluechives.com> wrote:
> +1 as long as a) it's an optional setting and b) rubbish like the capital
> p dangit function never make there way through this route.
>
> On 8 Dec 2010, at 20:50, Eric Mann <eric at eam.me> wrote:
>
> > Maybe we should add a feature where WordPress could auto-update security
> > releases silently. Since they're patches to plug vulnerabilities in
> core,
> > they don't affect the APIs used by plug-ins or themes. I know you have
> to
> > put some thought in doing a major version update (i.e. 3.0.X to 3.1)
> because
> > new features and changed APIs might break certain things on your site ...
> > but a security release doesn't have that, and (arguably) is more
> important
> > as an urgent update.
> >
> > Windows will auto-install security updates. So will Mac. With WordPress
> > being depended on more and more as an intranet/blog/internet/cms
> operating
> > system, it only makes sense that vital updates should be capable of
> > automation. Then we wouldn't have to worry about the non-techies
> ignoring
> > the security updates. We'd also have fewer "my blog was hacked because I
> > waited a week to upgrade to plug a well-documented security hole in my
> site"
> > support requests.
> >
> > On Wed, Dec 8, 2010 at 12:41 PM, Vid Luther <vid at zippykid.com> wrote:
> >
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA1
> >>
> >> In my personal experience most non techies ignore software updates.
> >> They've been trained by IT folks and Windows that an update may break
> >> something, so they don't upgrade.
> >>
> >>
> >> But, I think the Mitch wanted to know the triage process.
> >>
> >>
> >>> Alexander Hempton-Smith December 8, 2010 2:39 PM:
> >>>
> >>> Although I agree a published explanation of the importance is a great
> >>> idea; with our 1-click upgrade built into core I'm surprised there's
> >>> an issue.
> >>>
> >>> I don't imagine many users have a problem installing software updates
> >>> on their computers... Or maybe they do!?
> >>>
> >>> -- Alex
> >>>
> >>> Sent from my iPhone
> >>>
> >>> On 8 Dec 2010, at 20:35, Blue Chives <info at bluechives.com> wrote:
> >>>
> >>>> An explanation would be a great idea, especially to help us when
> >> dealing with recent converts.
> >>>>
> >>>> Cheers
> >>>>
> >>>> John.
> >>>>
> >>>> On 8 Dec 2010, at 20:31, Mitch Canter <mitch at mitchcanter.com> wrote:
> >>>>
> >>>>> On a bit of a related subject, I have a question. Is there an online
> >> resource with the step-by-step of (or could someone enlighten the
> process
> >> of) how a Security Release rolls out from start to finish? There are a
> lot
> >> of users that are questioning the need for 2 releases in such a short
> time
> >> and having a detailed explanation (I think) would serve as a fantastic
> >> resource as to the why (and not just to "here's a new release go
> download
> >> it" which may offput some users).
> >>>>>
> >>>>> Mitch C
> >>>>>
> >>>>>> From: wp at andrewnacin.com
> >>>>>> Date: Wed, 8 Dec 2010 14:21:55 -0500
> >>>>>> To: wp-hackers at lists.automattic.com
> >>>>>> Subject: Re: [wp-hackers] WordPress 3.0.3
> >>>>>>
> >>>>>> On Wed, Dec 8, 2010 at 2:16 PM, Milan Dinić <liste at srpski.biz>
> wrote:
> >>>>>>
> >>>>>>>> I'd advise you to update your plugin compatibility as appropriate.
> >>>>>>> Plugins
> >>>>>>>> should be unaffected by this release.
> >>>>>>> I see that now when your mark plugin as compatible with one
> version,
> >> all
> >>>>>>> versions from that branch will be reported as compatible.
> >>>>>>>
> >>>>>>> For example, plugins that are marked as compatible with 3.0, 3.0.1
> >> and
> >>>>>>> 3.0.2
> >>>>>>> are now marked as compatible up to 3.0.3.
> >>>>>> This isn't always going to be the case, but I do agree there is room
> >> for
> >>>>>> improvement here.
> >>>>>>
> >>>>>> We're going to work on a way to cause the plugin compatibility
> system
> >> to
> >>>>>> treat certain releases (those we manually specify) as equal.
> >>>>>>
> >>>>>> Nacin
> >>>>>> _______________________________________________
> >>>>>> wp-hackers mailing list
> >>>>>> wp-hackers at lists.automattic.com
> >>>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
> >>>>> _______________________________________________
> >>>>> wp-hackers mailing list
> >>>>> wp-hackers at lists.automattic.com
> >>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
> >>>> _______________________________________________
> >>>> wp-hackers mailing list
> >>>> wp-hackers at lists.automattic.com
> >>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
> >>> _______________________________________________
> >>> wp-hackers mailing list
> >>> wp-hackers at lists.automattic.com
> >>> http://lists.automattic.com/mailman/listinfo/wp-hackers
> >>>
> >>>
> ------------------------------------------------------------------------
> >>>
> >>> Blue Chives December 8, 2010 2:33 PM:
> >>>
> >>> An explanation would be a great idea, especially to help us when
> dealing
> >> with recent converts.
> >>>
> >>> Cheers
> >>>
> >>> John.
> >>>
> >>> On 8 Dec 2010, at 20:31, Mitch Canter <mitch at mitchcanter.com> wrote:
> >>>
> >>>> On a bit of a related subject, I have a question. Is there an online
> >> resource with the step-by-step of (or could someone enlighten the
> process
> >> of) how a Security Release rolls out from start to finish? There are a
> lot
> >> of users that are questioning the need for 2 releases in such a short
> time
> >> and having a detailed explanation (I think) would serve as a fantastic
> >> resource as to the why (and not just to "here's a new release go
> download
> >> it" which may offput some users).
> >>>>
> >>>> Mitch C
> >>>>
> >>>>> From: wp at andrewnacin.com
> >>>>> Date: Wed, 8 Dec 2010 14:21:55 -0500
> >>>>> To: wp-hackers at lists.automattic.com
> >>>>> Subject: Re: [wp-hackers] WordPress 3.0.3
> >>>>>
> >>>>> On Wed, Dec 8, 2010 at 2:16 PM, Milan Dinić <liste at srpski.biz>
> wrote:
> >>>>>
> >>>>>>> I'd advise you to update your plugin compatibility as appropriate.
> >>>>>> Plugins
> >>>>>>> should be unaffected by this release.
> >>>>>> I see that now when your mark plugin as compatible with one version,
> >> all
> >>>>>> versions from that branch will be reported as compatible.
> >>>>>>
> >>>>>> For example, plugins that are marked as compatible with 3.0, 3.0.1
> and
> >>>>>> 3.0.2
> >>>>>> are now marked as compatible up to 3.0.3.
> >>>>> This isn't always going to be the case, but I do agree there is room
> >> for
> >>>>> improvement here.
> >>>>>
> >>>>> We're going to work on a way to cause the plugin compatibility system
> >> to
> >>>>> treat certain releases (those we manually specify) as equal.
> >>>>>
> >>>>> Nacin
> >>>>> _______________________________________________
> >>>>> wp-hackers mailing list
> >>>>> wp-hackers at lists.automattic.com
> >>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
> >>>>
> >>>> _______________________________________________
> >>>> wp-hackers mailing list
> >>>> wp-hackers at lists.automattic.com
> >>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
> >>> _______________________________________________
> >>> wp-hackers mailing list
> >>> wp-hackers at lists.automattic.com
> >>> http://lists.automattic.com/mailman/listinfo/wp-hackers
> >>>
> >>>
> ------------------------------------------------------------------------
> >>>
> >>> Mitch Canter December 8, 2010 2:31 PM:
> >>>
> >>> On a bit of a related subject, I have a question. Is there an online
> >> resource with the step-by-step of (or could someone enlighten the
> process
> >> of) how a Security Release rolls out from start to finish? There are a
> lot
> >> of users that are questioning the need for 2 releases in such a short
> time
> >> and having a detailed explanation (I think) would serve as a fantastic
> >> resource as to the why (and not just to "here's a new release go
> download
> >> it" which may offput some users).
> >>>
> >>> Mitch C
> >>>
> >>>> From: wp at andrewnacin.com
> >>>> Date: Wed, 8 Dec 2010 14:21:55 -0500
> >>>> To: wp-hackers at lists.automattic.com
> >>>> Subject: Re: [wp-hackers] WordPress 3.0.3
> >>>>
> >>>> On Wed, Dec 8, 2010 at 2:16 PM, Milan Dinić <liste at srpski.biz> wrote:
> >>>>
> >>>>>> I'd advise you to update your plugin compatibility as appropriate.
> >>>>> Plugins
> >>>>>> should be unaffected by this release.
> >>>>> I see that now when your mark plugin as compatible with one version,
> >> all
> >>>>> versions from that branch will be reported as compatible.
> >>>>>
> >>>>> For example, plugins that are marked as compatible with 3.0, 3.0.1
> and
> >>>>> 3.0.2
> >>>>> are now marked as compatible up to 3.0.3.
> >>>> This isn't always going to be the case, but I do agree there is room
> for
> >>>> improvement here.
> >>>>
> >>>> We're going to work on a way to cause the plugin compatibility system
> to
> >>>> treat certain releases (those we manually specify) as equal.
> >>>>
> >>>> Nacin
> >>>> _______________________________________________
> >>>> wp-hackers mailing list
> >>>> wp-hackers at lists.automattic.com
> >>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
> >>>
> >>> _______________________________________________
> >>> wp-hackers mailing list
> >>> wp-hackers at lists.automattic.com
> >>> http://lists.automattic.com/mailman/listinfo/wp-hackers
> >>>
> >>>
> ------------------------------------------------------------------------
> >>>
> >>> Andrew Nacin December 8, 2010 1:21 PM:
> >>>
> >>> On Wed, Dec 8, 2010 at 2:16 PM, Milan Dinić <liste at srpski.biz> wrote:
> >>>
> >>>>> I'd advise you to update your plugin compatibility as appropriate.
> >>>> Plugins
> >>>>> should be unaffected by this release.
> >>>> I see that now when your mark plugin as compatible with one version,
> all
> >>>> versions from that branch will be reported as compatible.
> >>>>
> >>>> For example, plugins that are marked as compatible with 3.0, 3.0.1 and
> >>>> 3.0.2
> >>>> are now marked as compatible up to 3.0.3.
> >>>
> >>>
> >>> This isn't always going to be the case, but I do agree there is room
> for
> >>> improvement here.
> >>>
> >>> We're going to work on a way to cause the plugin compatibility system
> to
> >>> treat certain releases (those we manually specify) as equal.
> >>>
> >>> Nacin
> >>> _______________________________________________
> >>> wp-hackers mailing list
> >>> wp-hackers at lists.automattic.com
> >>> http://lists.automattic.com/mailman/listinfo/wp-hackers
> >>>
> >>>
> ------------------------------------------------------------------------
> >>>
> >>> Milan Dinić December 8, 2010 1:16 PM:
> >>>
> >>>> I'd advise you to update your plugin compatibility as appropriate.
> >> Plugins
> >>>> should be unaffected by this release.
> >>>
> >>>
> >>> I see that now when your mark plugin as compatible with one version,
> all
> >>> versions from that branch will be reported as compatible.
> >>>
> >>> For example, plugins that are marked as compatible with 3.0, 3.0.1 and
> >> 3.0.2
> >>> are now marked as compatible up to 3.0.3.
> >>>
> >>> 2010/12/8 Andrew Nacin <nacin at wordpress.org>
> >>>
> >>>> WordPress 3.0.3 has been released. This is a security release for all
> >>>> previous WordPress versions.
> >>>>
> >>>> This release fixes issues in XML-RPC where which under certain
> >>>> circumstances
> >>>> allowed Author- and Contributor-level users to improperly edit,
> publish,
> >> or
> >>>> delete posts. This release only affects sites which have XML-RPC
> >> enabled.
> >>>>
> >>>> Those wishing to continue to test the 3.1 Beta, please note that the
> >>>> currently nightly build contains the fixes that were included in
> 3.0.3.
> >>>>
> >>>> I'd advise you to update your plugin compatibility as appropriate.
> >> Plugins
> >>>> should be unaffected by this release.
> >>>>
> >>>> Release announcement:
> >> http://wordpress.org/news/2010/12/wordpress-3-0-3/.
> >>>>
> >>>> Thanks,
> >>>>
> >>>> Andrew Nacin
> >>>> Core Developer
> >>>> WordPress.org
> >>>> _______________________________________________
> >>>> wp-hackers mailing list
> >>>> wp-hackers at lists.automattic.com
> >>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
> >>>>
> >>> _______________________________________________
> >>> wp-hackers mailing list
> >>> wp-hackers at lists.automattic.com
> >>> http://lists.automattic.com/mailman/listinfo/wp-hackers
> >> -----BEGIN PGP SIGNATURE-----
> >> Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
> >> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> >>
> >> iEYEARECAAYFAkz/7YsACgkQk2/z0szfu9qHrQCfShAW2zmX7PAWrIBpJbE1tvjG
> >> L+gAnj4b1WrTjxVIkHCsslJ1DqLp0UpO
> >> =4krj
> >> -----END PGP SIGNATURE-----
> >> _______________________________________________
> >> wp-hackers mailing list
> >> wp-hackers at lists.automattic.com
> >> http://lists.automattic.com/mailman/listinfo/wp-hackers
> >>
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
More information about the wp-hackers
mailing list