On 19 Oct 2006, at 16:59, inkfree press wrote:
That would really seem like information which should have been prepared before the release, and then submitted or posted along with the update. I know this is the 'dev' list, and so converting modules and such is important for readers of this list. However, from a "user"/"administrator" point of view, "converting" modules is not on the radar.
"Dries Buytaert" wrote:
We spent quite a bit of time preparing these patches, and debating the pros and cons. Heine et al. have been a godsend. Sometimes, stuff like this happens, and when it happens, the reaction should not be to bash the security team, but to collaboratively focus on fixing the affected modules.
No bashing here, Dries. No bashing at all. I said, with real appreciation:
Thanks to the security team for keeping things safe. We all _really do_ appreciate the work and the effort. (My mild complaints or observations about the announcement do not discount this work or the appreciation.)
I do take your point, however, and quite understand that these decisions were made with thoughtfulness and with concern. Small gripes about things aside, it appears that the affected list of modern modules is rather small (from what I read as posted here.)
That said, we're open for suggestions, and we'll take these into account in future. Also, if you want to play an active role in the security team, you can sign up by sending us an e-mail.
I don't know about "active role", but I do know about "passive role", which I addressed by subscribing to that list. I am not skilled at securing PHP or SQL, but I do have an interest in keeping abreast of the issues and of the discussions as they happen. (Just prudence, so that I don't feel torn again between applying an update or breaking a slew of sites.)
I did (just now) subscribe to the security announcement list, so that if I have any comments I can make them in a more appropriate place.
So... I subscribed to the Security Announcement list (no posts since Thu, 19 Oct 2006 07:31:02 -0700 (PDT), however). Thanks for your reply.
-- inkfree