I don't know whether to laugh or cry.  It is really sad to see a
someone in a leadership role abuse their community this way.  Hopefully
Matt will come to his senses, add (or better, default to) an opt-in
feature, and apologize for this lapse in judgment.<br>
<br>
This is being dugg as well...<br>
<br>
<a href="http://www.digg.com/security/Developers_Admit_WordPress_2_3_Spies_On_Users">http://www.digg.com/security/Developers_Admit_WordPress_2_3_Spies_On_Users</a><br>
<br>
I think users are more likely to f*ck WorkPress than fork it.&nbsp; <br>
<br>
- Kevin Reynen<br><br><div><span class="gmail_quote">On 9/25/07, <b class="gmail_sendername">Gerhard Killesreiter</b> &lt;<a href="mailto:gerhard@killesreiter.de">gerhard@killesreiter.de</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
-----BEGIN PGP SIGNED MESSAGE-----<br>Hash: SHA1<br><br>Khalid Baheyeldin schrieb:<br>&gt; The drupal module in 5.x sends a subset of this (site name, URI, IIRC).<br>&gt; The new update module in 6.x supersedes that, but I am not up to date
<br>&gt; on the details. It includes installed modules too.<br>&gt;<br>&gt; I think the data is in the DB of <a href="http://drupal.org">drupal.org</a>.<br>&gt;<br>&gt; Is it a big deal if the that info is sent? The highest rated comments so far
<br>&gt; downplay that it is an issue at all.<br><br>I think the main issue (and a serious one) is that this is done without<br>asking the user and without the possibility to switch it off without<br>extra work. Drupal&#39;s phone home feature has always been &quot;opt in&quot;.
<br><br>Cheers,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Gerhard<br><br>-----BEGIN PGP SIGNATURE-----<br>Version: GnuPG v1.4.6 (GNU/Linux)<br><br>iD8DBQFG+Uy8fg6TFvELooQRAtOuAJ4odYtpUcpG4DJI/YEFT2zKpKqEkgCghYwY<br>+WLvisIZurxg9bTimksiyJY=<br>=UevE<br>
-----END PGP SIGNATURE-----<br></blockquote></div><br>