On Fri, 15 Jun 2012, Ariel wrote: > You don't need them to. If you change the version number (add a > suffix) then it won't match the number google is looking for and > google won't do anything. You don't need google to change any code.
OK, might be. > >In any case, changing the version that Wordpress advertises is IMO a > >serious risk of breaking random plugins that verify the current > >version... > > Not the internal version number, which would have this risk. The > number displayed in the html. No plugin checks that, nothing checks > that except spammers and google. > > By leaving the number as it is you are inviting spammers to attack > based on the security issues they expect to find. Yes, the issues > are closed, but why invite attacks? If I follow you, we should drop that field instead of updating it... Updating it without changing the internal version number is more work than just changing the internal version number. And I really prefer to avoid divergence with upstream. BTW, it's not true that all the issues are closed in a timely fashion in Debian stable. If you noticed, we had to jump from 3.0.5 to 3.3.2 to fix most of the security issues because it's next to impossible to backport the relevant security fixes. Cheers, -- Raphaël Hertzog ◈ Debian Developer Get the Debian Administrator's Handbook: → http://debian-handbook.info/get/ -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
