I don't know whether to laugh or cry. It is really sad to see a
someone in a leadership role abuse their community this way. Hopefully
Matt will come to his senses, add (or better, default to) an opt-in
feature, and apologize for this lapse in judgment.<br>
<br>
This is being dugg as well...<br>
<br>
<a href="http://www.digg.com/security/Developers_Admit_WordPress_2_3_Spies_On_Users">http://www.digg.com/security/Developers_Admit_WordPress_2_3_Spies_On_Users</a><br>
<br>
I think users are more likely to f*ck WorkPress than fork it. <br>
<br>
- Kevin Reynen<br><br><div><span class="gmail_quote">On 9/25/07, <b class="gmail_sendername">Gerhard Killesreiter</b> <<a href="mailto:gerhard@killesreiter.de">gerhard@killesreiter.de</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
-----BEGIN PGP SIGNED MESSAGE-----<br>Hash: SHA1<br><br>Khalid Baheyeldin schrieb:<br>> The drupal module in 5.x sends a subset of this (site name, URI, IIRC).<br>> The new update module in 6.x supersedes that, but I am not up to date
<br>> on the details. It includes installed modules too.<br>><br>> I think the data is in the DB of <a href="http://drupal.org">drupal.org</a>.<br>><br>> Is it a big deal if the that info is sent? The highest rated comments so far
<br>> downplay that it is an issue at all.<br><br>I think the main issue (and a serious one) is that this is done without<br>asking the user and without the possibility to switch it off without<br>extra work. Drupal's phone home feature has always been "opt in".
<br><br>Cheers,<br> Gerhard<br><br>-----BEGIN PGP SIGNATURE-----<br>Version: GnuPG v1.4.6 (GNU/Linux)<br><br>iD8DBQFG+Uy8fg6TFvELooQRAtOuAJ4odYtpUcpG4DJI/YEFT2zKpKqEkgCghYwY<br>+WLvisIZurxg9bTimksiyJY=<br>=UevE<br>
-----END PGP SIGNATURE-----<br></blockquote></div><br>