
Re: [wp-testers] Keeping Up-to-date

  • To: wp-testers@xxxxxxxxxxxxxxxxxxxx
  • Subject: Re: [wp-testers] Keeping Up-to-date
  • From: Roy Schestowitz <wp-lowtraffic@xxxxxxxxxxxxxxx>
  • Date: Sun, 22 Jan 2006 12:23:35 +0000
  • Delivery-date: Sun, 22 Jan 2006 12:23:36 +0000
  • Envelope-to: wp-lowtraffic@schestowitz.com
  • In-reply-to: <4d2c128c0601220322s77407575x89b5e7f545ed0604@mail.gmail.com>
  • References: <4d2c128c0601220206q733fa06cke6c264c2f831787d@mail.gmail.com> <43D35DF3.7000504@tamba2.org.uk> <4d2c128c0601220249q96ec5bdj32603ff1630b86d5@mail.gmail.com> <43D36827.4030109@tamba2.org.uk> <4d2c128c0601220322s77407575x89b5e7f545ed0604@mail.gmail.com>
  • Reply-to: r@xxxxxxxxxxxxxxx
  • User-agent: Internet Messaging Program (IMP) H3 (4.0.3)
__/ On Sun 22 Jan 2006 11:22:06 GMT, [Sean Hayford O'Leary] wrote : \___

On 1/22/06, Podz <podz@xxxxxxxxxxxxx> wrote:
Sean Hayford O'Leary wrote:
> Could you list the pros and cons?
>

+
One off install.
Prominent message

-
Prominent message if you choose not to upgrade
If wherever the information is grabbed from updates before the dev blog
post it could lead to confusion (I don't know the who / how)
No explanation of the version (which there should be. For instance 1.5.2
is still a stable product so upgrading for the new code is advised if
you want that, but it's safe to stay where you are.)
If they then switch the plugin off, they could miss something important
(if the system were a little more flexible).

Some sort of messaging would be good, but then that's what the dash was
for - and the contents of that have been removed or altered by many.

My feelings are that a new release (or update) generates a lot of buzz
which most should hear about. Maybe also some people choose not to
upgrade and for others with older code, there is no way of telling them
automatically.

Choice -- yeah, but I can't imagine it would be too difficult to insert an option to turn the function off.

Here's what I picture: a person had a more tech-central friend install
a copy of WordPress on his hosting. The user continues to use it for a
while, knowing that as long as he pays the hosting bill, it stays up.
Then comes a security flaw with the code that he's using. His friend
isn't keeping track of his blog, and how should he know that it needs
to be upgraded?

This is a real situation to me. When I design websites for clients, I
frequently use WordPress as a CMS. In two years, when there's a
vulnerability with some code used in 1.5 or 2.0, how should that user
know?

Sean makes a valid point. This has been a serious issue with packages like phpBB and PHP-Nuke (among other lesser-known software). They have (had) a chain of critical flaws that could lead to XSS and bring down servers. Syndicating the front page of the projects was often a good solution, but there is 'noise' in such pages too (Nuke in particular, a slight bit in wp.org).

If your clients are not IT-savvy and do not make use of feeds, you could set
up a cron job one-liner. Such a job would send them an E-mail as soon as an
upgrade is made available. Another option is to use a script to patch up
the installation every night. Stability then becomes the issue, not
security.

With kind regards,

Roy
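
The cron-job notification suggested in the message above, as an added example that is not part of the original post: a POSIX shell script that reads the installed version from `wp-includes/version.php`, compares it with a latest-release number, and prints a notice for cron to mail. The install path, the recipient address and the file holding the latest release number are assumptions; how that number is obtained is left to the caller.

```shell
#!/bin/sh
# Added example (not from the original message). Assumed: the path to
# version.php and the latest release number are supplied by the caller.

# Print the value assigned to $wp_version in wp-includes/version.php.
installed_version() {
    awk -F"['\"]" '/^[ \t]*\$wp_version[ \t]*=/ { print $2; exit }' "$1"
}

# Succeed only when dotted version $1 is strictly older than $2.
# Missing components count as 0, so 2.0 and 2.0.0 compare equal.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Print an upgrade notice, or nothing when the install is current.
# $1 = path to version.php, $2 = latest released version.
upgrade_notice() {
    have=$(installed_version "$1")
    if [ -z "$have" ]; then
        echo "could not read \$wp_version from $1" >&2
        return 2
    fi
    if version_lt "$have" "$2"; then
        printf 'WordPress %s is installed; %s is available. Please upgrade.\n' \
            "$have" "$2"
    fi
}

# Cron mails whatever a job prints to MAILTO, so silence means "up to date".
# Constructed crontab entry (paths, address and version file are placeholders):
#   MAILTO=client@example.com
#   0 6 * * * /usr/local/bin/wp-check.sh /var/www/blog/wp-includes/version.php "$(cat /var/cache/wp-latest.txt)"
if [ "$#" -ge 2 ]; then
    upgrade_notice "$1" "$2"
fi
```

Because the comparison is numeric per component, a 1.5.2 install is reported as older than 2.0, while an install that already matches the latest release produces no mail at all.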

