Quote:
Originally Posted by Paul M
Of course, it won't make any difference to you since you decided to take all your mods away anyway.
|
If fairness, if I'm not allowed to say why I did the above, you should not be allowed to use it against me.
Quote:
Originally Posted by Paul M
There is a big difference between commercial sites and here - your proposal relies on the author actually fixing it - experience shows that this is rarely the case for free modifications released here (take vbplaza, that's still not fixed, months after the holes were found and notified to the author).
|
This is, perhaps, the crux of the current misunderstanding. I remember vbShout going unfixed forever, until Brad had to fix it. I remember other hacks that had similar issues. That is why I know what the policy used to be - notify the author asking them to change it, and only if they were unresponsive for a fair amount of time would the mod be disabled or, fixed by staff if a staff member was willing.
For such a dramatic change in policy to take place, and for an active hack author to not even know about it, is a serious flaw in the conduct of business - regardless of what you say about the rules being posted.
How about a show of 'virtual hands' for coders who had no idea a policy change had been implemented? I'm sure I'm not alone.
That aside, I still think it's a flawed policy. The email that went out to all the users stated:
This modification contains a MySQL injection vulnerability
It was also put into the thread itself in nice large red letters:
This modification contains a MySQL injection vulnerability
This puts every user of the hack at risk. It also creates a nice little searchable database for anyone who might want to start hacking VB sites. It's an all around bad idea.
07-01-2007, 02:03 PM
Hybrid Mode
