The WordPress team has come up with yet another security fix (1.5.1.2), which fixes the fix (1.5.1.1), which fixes the fix (1.5.1), which is a fix for undisclosed security defects in WordPress 1.5.

Update: Now it should read: The WordPress team has come up with yet another security fix (1.5.1.3), which fixes the (yet another undisclosed security risk) fix (1.5.1.2), which fixes the fix (1.5.1.1), which fixes the fix (1.5.1), which is a fix for undisclosed security defects in WordPress 1.5.
OK, now I am jaded. I have provided a patch for others like me to easily upgrade from 1.5.1.2 to 1.5.1.3.

Are you confused? I am not, but I am not happy either. It is clear that this code needs a serious third-party security audit.

I am not a happy camper about how security is being handled by this product. It is just a patch-as-you-go approach combined with security by obscurity.
News Flash! It doesn't work. Obviously the software is not being well tested before hasty releases, as was clearly evident from the way 1.5.1 was broken in several places.

This time around, at least they cared enough to provide the patch for users who are unwilling to upgrade the product. Last time around (1.5 to 1.5.1) they refused to provide an independent patch. I had posted to the support site and had written to Matt, the key developer, and haven't received any response from him. I was told in the forum that he is a very busy person (no doubt with all these fixes), implying he doesn't have time to respond to his users.

Do you expect this of any production-quality software or service provider? I can contact my web hosting provider in less than a minute, and lately I have had my problems addressed in under 5 minutes on average.

I am assuming someone will politely point out that it is a free product and they are trying hard in their spare time…
But I want a quality product. I had chosen WordPress because I was impressed with the features, and during my brief evaluation I couldn't find many quality issues except some shoddy code in places, but it was the best of the worst for the features I was looking for, especially strong spam protection features.

I am not using WordPress because the price is free. I expect quality and open communication from any product I use. If there is a problem, I need to know about it and how I can patch it without affecting other sections which are working.

My recent experiences indicated some lack of robustness in the product too. More on it later.

I am also trying hard to see it as an isolated issue, as I have had excellent support with a few other Open Source products like POI or SpamBayes. However, logically I can see that sooner or later all Open Source projects will have to suffer from the same problems. Why?
Software requires money to develop. Normally OSS folks do their stuff in their free time. However, sooner or later their managers are bound to realize that these OSS folks have too much spare time on their hands and adequately load them with paying work. Also, they themselves realize that Open Source doesn't pay and put food on the table, so they divert their attention to profitable ventures. Not everyone is born with a silver spoon. And what happens to the OSS project? Hopefully someone with loads of spare time takes it up, for fame and recognition, till he runs out of time. How sustainable is it?
Today's big-name Open Source projects are flourishing because of corporate sponsorship, mostly from hardware companies with an IBM mentality. How long do you think they will continue? Also, they will sponsor only a limited set of products which ultimately benefit their bottom line.

As it stands today, I am growing increasingly hesitant to recommend WordPress to quality- and security-conscious organizations and people.