A bug in a piece of widely used PHP-based software was announced a few days ago, and it's now being actively exploited by spammers: http://wordpress.org/development/2008/02/wordpress-233/ Affected machines include my server, which is running F-8. Eep. If a package maintainer doesn't turn a security fix around quickly, is it reasonable (albeit a bit less than totally polite) to step in and do the update oneself, assuming the ACLs permit it? In this case, I found that jwb was already making the necessary edits just as I was checking the wordpress module out of CVS, which is cool, but what's the general it's-a-weekend-and-everyone's-gone-skiing practice? <b -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
