On Fri, 15 Jun 2012, Raphael Hertzog wrote:
On Wed, 21 Sep 2011, Ariel wrote:
Google sends out alerts warning site owners if their version of
wordpress is out of date, because of the risk of security issues.
However debian already handles the security issues even on old versions,
so there is no reason for google to alert such users.
I doubt that would google will take Debian into account in this manner.
You don't need them to. If you change the version number (add a suffix)
then it won't match the number google is looking for and google won't do
anything. You don't need google to change any code.
In any case, changing the version that Wordpress advertises is IMO a
serious risk of breaking random plugins that verify the current
version...
Not the internal version number, which would have this risk. The number
displayed in the html. No plugin checks that, nothing checks that except
spammers and google.
By leaving the number as it is you are inviting spammers to attack based
on the security issues they expect to find. Yes, the issues are closed,
but why invite attacks?
Change:
<meta name="generator" content="WordPress 3.3.2" />
To:
<meta name="generator" content="WordPress 3.3.2+dfsg-1" />
-Ariel
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
