Some wrote... > ...
I must say I'm mystified by this discussion. It seems to be an odd argument between this good practice vs that good practice.

Roy's patch is simple, safe, and reduces the exposure substantially to a known threat. I can't see any reason to defer letting it out; particularly now that people have been given a few days to give voice to any technical concerns about it. The worst outcome is that we are embarrassed - we can handle that.

Certainly it's a good thing to be careful. Giving the right folks a chance to look over a patch for stuff like this is a good thing. Careful is good. It's a lot easier to be careful before the exploit becomes widely known.

Leaving the users with no option but to stay exposed, write their own patch, or upgrade is pretty stern medicine for us to be prescribing. It is very hard for some sites to upgrade.

Let's put the patch back.

- ben
