Discovery Credit Policy
In the past, several "researchers" tried to make a name for themselves by publishing phpCOIN exploit code on the internet before letting us know of an issue. This behaviour was irresponsible and needlessly endangered our users. This post is to clarify our policy regarding security issues.
We do like folks who let us know about issues so we can fix them. We consider them responsible professionals, and will happily continue to give them credit and a link in our announcements. We also have no problem with the discoverer publicizing his/her work about a week after a fix has been issued, so our users have time to upgrade first.
We do not like folks who discover something then immediately post hack instructions all over the internet. We consider them glory-seekers who recklessly put our users at risk. Because they went public before notifying us of an issue and giving us a chance to address it, we will no longer give them credit or a link in our announcements.
So, if you have discovered, or suspect, a security-related issue, create an account on our Bugs site and post your findings, or, at the very least, email us with full details.
These are bleeding-edge, full packages that contain every bug and security fix addressed up to the date of the release, along with any new features that have been included.
Whilst every care has been taken to ensure that the Development Snapshots can be applied in the upgrade path from prior snapshots or from RC or Stable packages, care should be taken before deployment, and full database and fileset backups should be made before attempting to install.
The developers will accept NO responsibility for the use of Development Snapshots, but we should like to encourage users to try them out in their test environments and give us feedback.
Release Candidates (RC)
Release Candidates (RC) are intended to be the final roll-up of development, security and bug fixes prior to releasing a 'Stable' package. Any last-minute fixes will be included in the RC versions and, when we get positive feedback from our users, a Stable package will be released.