[wp-hackers] Wordpress 3.0, can we finally get a LTS version?
jer at simianuprising.com
Fri Jun 18 14:01:18 UTC 2010
+1 for backporting security patches by one version. This will let enterprise
sites have ~6months between mandatory upgrades instead of 3, which would
make a big difference, while also keeping it reasonable for the devs.
For the record there are so many good reasons why the 2.0 LTS experiment
failed that its IMHO not even worth considering it when contemplating future
- It was driven by the demands of Debian and not the
community/developers. This alone probably doomed it.
- 2.0 was probably the buggiest release of WP ever. It added a ton of new
features that kind of worked but felt really strange. It had a full UI
reworking without the user testing that went into subsequent UI overhauls.
It was also the first use of the visual editor, and it was a nightmare that
needed to be disabled immediately.
- The plugin API was very immature at that point compared to everything
since 2.5 or so.
- Few enterprises (LTS customers) were using WP because compared to today
it really was 'just a blog'. There were few CMS-y plugins and no big players
(NYT) had committed to it yet.
- WP SECURITY PROBLEMS DIDNT REALLY EXIST YET. This is probably the most
important one. The large-scale WP exploits didn't start until around version
2.2/2.3. That was when we all started freaking out about upgrades and
demanding that all users upgrade on release day or be damned. By the time
security became a big issue everyone had already moved on past 2.0,
especially plugin and theme developers. Once we knew that versions and
upgrading were issues we should pay attention to it was already too late for
the 2.0 branch. The only "LTS" option was to build new sites using an almost
completely dead branch of the software which also happened to be buggy and
I was probably one of the few people who kept running 2.0.x for years on my
own personal site. I ended up getting hacked despite staying on top of the
releases, though I was mostly expecting it by the time it happened, since
there had been no new releases for so long.
Here's to a secure 3.0 (and 3.1 and 3.2)!
As far as I'm concerned 3.0 is the release that comes after the longest safe
period in the history of WP, I can't even remember when the last real
exploit wave happened that wasn't more than a release behind the current
one. I'm pretty sure 2.8.4 is still secure, a testament to all the work
that's been put into WP since 2.0 and those tragic dark ages of 2.3.x :D
Code and Design | globalvoicesonline.org
More information about the wp-hackers