dear guys from WordPress, dont mess with good versioning and information policy. Regarding the security story with WP 1.5.2, your reaction, still missing an official statement, i am somehow disappointed, that your information policy is that bad. Is it that hard to report all relevant news onto wordpress.org?
Upon this little, underestimated things the future of a software solution is build, as long as you dont have a marketing budget as Microsoft does.
I expect to get information about security issues from a central, easy-findable place from any project or product that has public exposure and more than a handful of users. (Yes, I expect that from open source projects too. Look around the net to see how good others handle it.) Expecting your users to gather information about a problem from forums, blogs, foreign sites, or the source code is simply unprofessional.
