[wp-hackers] Making Updates Friendlier?

Dougal Campbell dougal at gunters.org
Wed Sep 9 18:38:14 UTC 2009

On Sep 9 2009 1:05 PM, Jeremy Clarke wrote:
> On Wed, Sep 9, 2009 at 10:56 AM, Hacker Scot<shacker at birdhouse.org>  wrote:
>> On Sep 9, 2009, at 5:00 AM, wp-hackers-request at lists.automattic.com wrote:
>> This is something the Drupal world gets right, IMO. Lots of security
>> information consolidated here: http://drupal.org/security also available as
>> RSS feeds and ALSO available as email. I subscribed to the emails for a
>> while and was really impressed that they covered not just core but issues
>> with 3rd party Drupal modules as well.  This kind of thing could have a huge
>> security benefit for WP.
> Not sure who's in charge of it but WP's updates email list is
> completely desolate most of the time. It should have strongly worded
> terrifying emails when there are security updates. As it is its pretty
> neglected, and IMHO the dashboard feed just doesn't replace it. Lots
> of people use WP casually, and the once or twice a month they log in
> they don't have time to read everything on the dashboard.

This is a good point. When was the last time that the 'wp-announce' 
mailing list was actually used to notify people of a new WP version? I 
can't find the archives, and I sure can't remember it happening anytime 
recently. I vaguely recall Matt sending *something* to the announce list 
a few versions back, but I'd probably have to grep through a few 
gigabytes of old emails to find it.

I think it would be great if part of the installation procedure for a 
new WordPress site was to add a checkbox (checked by default) prompting 
the user to opt-in to the wp-announce mailing list. This would be on the 
same screen that asks for the initial administrator email address. It 
could give a short message explaining that the mailing list is very low 
volume (typically less than one message per month), it will only be used 
to send important update information, and that the email address will 
not be shared with third-parties (etc.).

Then (and this is the key), actually USE the wp-announce mailing list 
for what it's there for. Make it part of the standard procedure 
checklist for new releases. In fact, there should probably be an 
announcement at the first Beta and Release Candidate milestones, as well 
(not every interim beta and rc, just the initial "hey, we're beta 
testing, you might want to start your own tests to get ready for the new 
version", and "hey, we've reached release candidate stage, things should 
be pretty stable, and we're trying to knock out the last few bugs before 
official release").

AND, when a security issue becomes known, an announcement should be 
made, as well. I know that opinions vary on exactly *when* security 
issues should be announced: as soon as known -- even before a patch is 
available, or only after a patch is ready for the public? I don't think 
this is the time or place for that discussion, but I think making the 
announcements by email as well as via the dev blog (and thus the 
dashboard news) is important. I think there are more people than we 
might think who hardly glance at the dashboard. Maybe the news blocks in 
their dashboard are just "below the fold" and they don't see it. Maybe 
they actively ignore it (do a search for "dashboard" in the plugin 
repository and take note of how many mention turning off the news 
feeds). Maybe they're just old-school and prefer email, and miss the 
days of Usenet. Whatever the case, I think that adding email 
announcements has got to be a Good Thing. And it could pretty easily be 
automated. Just set up the Dev Blog to relay any posts made in the 
"Announcements" category, or something like that.

(And BTW, I think there are a lot of things that the WordPress and 
Drupal communities can learn from each other. Both have a lot of good 
points to them that the other could borrow. I might have a blog post 
about that later, if I can find the time.)

Dougal Campbell <dougal at gunters.org>

More information about the wp-hackers mailing list