An Agreeable Openness
Well, again we’ve got folks claiming to have found a remote SQL injection in WordPress, one that affects all versions. At least the discoverer, Alexander Concha, did the right thing: notifying the WP folks. He’s chosen not to disclose information about the hole, which means one of two things:
- It’s bogus.
- It’s heinous.
Because I’m weird and like to know about these things, maybe I should just ask Mark Jaquith about it, considering that he was great in discussing the WordPress “worm”. Matt’s probably still busy defending himself against straw men, anyway.
So, how about it, boys? Can you address the question? Or will it just be four weeks between notice and release without much comment otherwise? Yes, yes, yes, I imagine that I could look this up in Trac, but I’m an aerospace engineer, not a computer one; your PHP is as fuzzy to me as my Navier-Stokes equations likely are to you.
Lest you think that I am anti-Matt here, I’m not, because I think Duncan Riley was being an ass. Implicit in that comment is agreement with Mark Jaquith’s comments on the saga, especially:
> Matt made a huge mistake by allowing [all the SEO-optimized crap on WordPress.org]. I was disappointed in him at the time, both personally and professionally. But he’s learned from that mistake. More than that, he’s led efforts to warn others about that kind of behavior. That’s what the whole “sponsored themes” thing was about. That’s what the Vanilla comment was about.
See, exactly. While I have butted heads with Matt, I always find him willing to listen. That’s why I’d buy him several, several beers if we ever ended up in Houston at the same time. [Note to self: next time you're headed to JSC for work, ring Matt up.]