[wp-hackers] Plugin update & security / privacy

Matt Mullenweg m at mullenweg.com
Sun Sep 23 22:32:49 GMT 2007

Kimmo Suominen wrote:
> Why are the plugin versions sent to the server?  It should be
> enough to send the plugin filename and/or name, so the server can
> return a list of current versions.  The client (WP) can then figure
> out which plugins need updating.

The system was designed to keep the client side as light as possible so 
the heavy lifting can be done on the server side, allowing us a lot more 
flexibility and agility in adapting the service as it gets rolled out 
and evolves.

For example right now nothing is done with regards to localization, but 
because of the data being sent and the lightness of the client side we 
could introduce that feature in the future without having to update 
every install of WordPress in the world. This philosophy has worked very 
well for Akismet over the past 2 years. I believe it is also the best 
approach for WordPress.

Today the server does basically nothing, no logging, no analysis, no 
stats, it's just designed to be as fast as possible since I don't know 
what type of impact 2.3 is going to have on api.wordpress.org. In the 
future, however, I think there is a lot of room to grow it, particularly 
once we take updates to the next step and allow people to 
upgrade/install things with one click from their dashboard.

Matt Mullenweg
  http://photomatt.net | http://wordpress.org
http://automattic.com | http://akismet.com

More information about the wp-hackers mailing list