On 10/20/2006 8:19:21 AM, Dries Buytaert (dries.buytaert@gmail.com) wrote:

That said, we're open for suggestions, and we'll take these into account in future. Also, if you want to play an active role in the security team, you can sign up by sending us an e-mail.

My suggestion would be to add a note about the potential to break sites in the teaser on the front page. It's unusual for a security update to cause problems and people might just grab the tar without opening the full post. Yes, you can argue that it's their own fault for not RTFM, but a short warning in the teaser might save people a lot of headaches. I certainly don't want to bash the security team and think they're doing a fine job. But I must admit that I, a non-dev site admin, am still confused about the potential problems. There was a long list of "maybe problem maybe false positive" modules in the email from Heine and I still haven't upgraded my sites because I'm afraid of what might break. Given that I'm a contrib addict, the odds of my site breaking are a lot higher than of it being hacked so I'm waiting until more information comes through on the contrib module status. Thanks, Michelle