Thanks Donncha, that is constructive and useful, I subscribed.
ps: DrMike, that cynicism is again not needed, why do you keep bashing new (and old) members of this community when they point out that communication streams are absent or not clear or that some people are not full-time developers? It took 20 posts before a useful answer was placed, even though the worries of the original poster -and many with him- have not been addressed
It took me a long time to sign up for this forum as I saw how newcomers (whether their questions were stupid or valid, answered before or not) were treated by some, mostly you. Some of us do not have enough inside knowledge to add to the code itself, but show their appreciation by adding to community instead and pointing out things that might help.
FYI: I wrote:
>>Can there at least be an admin-controlled announcement thread where critical bugs are reported?
<snip> Where every post links to a thread where the bug is discussed with links to solutions?
--> Then at least we can subscribe to the feed of the bugs topic.<-- (arrows added)
It would also prevent a lot of vaguely half-related and difficult-to-find-posts all over the place in the forum if vulnerabilities are announced in a dedicated board or at least thread. But hey, I am new, so what do I know.
And so what if I and others prefer an optional/additional mailinglist as well, does that make me a lesser person than you? I rather get two notices that my site is vulnerable than zero. Even 5 minutes per day at trac can be not enough when a hole is discovered. I rather get an email and fix my site if needed than anything else I might have been doing if I hadn't been alerted.
FYI:
a different open source project, SMF, does send out emails to all members, but only when:
- there is a new version available, triggered by a hotfix or not, with link to a forum post with details
Of course they would update the public downloadable version as well, the moment they found out that it had a hole in it.
If you would have logged in as Admin with SMF then you might have seen the same announcement as well, together with literally 3 click install/update. But the SMF development team realize that not all webmasters are sitting at home constantly refreshing the admin's homepage (or trac in this case) waiting for bad things to have happened.
I think that is a safe realization helping them to get both more users and feedback. But this is WPMU and not SMF and hey, I am new, so what do I know.