Quote:
Originally Posted by Paul M
Of course, it won't make any difference to you since you decided to take all your mods away anyway.
|
In fairness, if I'm not allowed to say why I did the above, you should not be allowed to use it against me.
Quote:
Originally Posted by Paul M
There is a big difference between commercial sites and here - your proposal relies on the author actually fixing it - experience shows that this is rarely the case for free modifications released here (take vbplaza, that's still not fixed, months after the holes were found and notified to the author).
|
This is, perhaps, the crux of the current misunderstanding. I remember vbShout going unfixed forever, until Brad had to fix it. I remember other hacks that had similar issues. That is why I know what the policy used to be - notify the author asking them to change it, and only if they were unresponsive for a fair amount of time would the mod be disabled or fixed by staff, if a staff member was willing.
For such a dramatic change in policy to take place, and for an active hack author to not even know about it, is a serious flaw in the conduct of business - regardless of what you say about the rules being posted.
How about a show of 'virtual hands' for coders who had no idea a policy change had been implemented? I'm sure I'm not alone.
That aside, I still think it's a flawed policy. The email that went out to all the users stated:
This modification contains a MySQL injection vulnerability
It was also put into the thread itself in nice large red letters:
This modification contains a MySQL injection vulnerability
This puts every user of the hack at risk. It also creates a nice little searchable database for anyone who might want to start hacking VB sites. It's an all-around bad idea.