Nick Jenkins wrote:
[Tim Starling wrote]:
This sort of thing really doesn't need to be reported to wikitech-l.
Whoa! Time out for a reality check.
Let me say this very simply: YOU DON'T GET TO MAKE THAT DECISION. The ONLY person who
gets to choose how a bug is reported is THE PERSON WHO FINDS IT.
No shit, Sherlock. You have the ability to choose how you behave. You can
throw rocks through windows or cry when you don't get your way, or whatever
you feel like doing. I'm only suggesting that you have some consideration
when you choose your path.
Whenever you post one of these "OMFG security flaw" posts to a public
mailing list, it damages the reputation of MediaWiki as a secure and stable
wiki engine. These posts will be archived and available in the search
engines forever. Some people are going to search for "mediawiki security" on
Google and judge it by what they find.
What we would like is for MediaWiki to be judged by the reliability of its
release versions, not whatever happens to be at the head of the trunk in any
particular second.
Now as you rightly point out, you are free to make these posts. But that
doesn't mean you're going to make any friends by doing it. Yes, you are free
to annoy as many people as you like, but I think you will find that to be a
bitter and unfulfilling path to take in life.
I shall be happy to email yourself and Brion an updated version of the script
that I'm using (you'll have to check it in, as I don't have commit privileges).
I'll endeavour to get it you today, but failing that some time this week. As
with all software I'm sure it can be improved, but it's probably better to have
something more current checked in to the tree than the old version that is
there currently.
I'm sure we can arrange commit access for you.
-- Tim Starling