Webwork - 5:37 pm on Nov 1, 2013 (gmt 0)
I'm curious how, without server admin privileges, WP accomplishes this automated tweaking of the software one's server is running . . and how widespread this practice - of granting admin-type access privileges to alter server hosted software - is?
What spooks me more than the possibility of plugin/server conflict issues is the ability of the boys and girls at WP.org - or anyone else smart enough to gain (hack) access to the new WP update system system - to exploit it - "given admin access" to every install of WP. Seems like the opening of a backdoor to killing or reconfiguring (for good or evil) every install of WP.
"Knock, knock. Hello, this is the NSA. We're having a problem and we need to create a massive botnet to counter a cyber-attack that is threatening national security. May we borrow your WP network . . and the home PCs of everyone administering those WP sites . . and the PCs of everyone visiting those sites . .. ahem . . borrow them by uploading an "improvement" to the WP core that will enable us to take control of ALL those machines for awhile? Don't worry. We'll given them back . . cough . . cough."
Just how common is this practice and how do we know exactly how much more data/info/insight/access WP can glean from making this "improvement"?