I don't know whether to laugh or cry. It is really sad to see a someone in a leadership role abuse their community this way. Hopefully Matt will come to his senses, add (or better, default to) an opt-in feature, and apologize for this lapse in judgment. This is being dugg as well... http://www.digg.com/security/Developers_Admit_WordPress_2_3_Spies_On_Users I think users are more likely to f*ck WorkPress than fork it. - Kevin Reynen On 9/25/07, Gerhard Killesreiter <gerhard@killesreiter.de> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Khalid Baheyeldin schrieb:
The drupal module in 5.x sends a subset of this (site name, URI, IIRC). The new update module in 6.x supersedes that, but I am not up to date on the details. It includes installed modules too.
I think the data is in the DB of drupal.org.
Is it a big deal if the that info is sent? The highest rated comments so far downplay that it is an issue at all.
I think the main issue (and a serious one) is that this is done without asking the user and without the possibility to switch it off without extra work. Drupal's phone home feature has always been "opt in".
Cheers, Gerhard
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFG+Uy8fg6TFvELooQRAtOuAJ4odYtpUcpG4DJI/YEFT2zKpKqEkgCghYwY +WLvisIZurxg9bTimksiyJY= =UevE -----END PGP SIGNATURE-----