[wp-hackers] Making Updates Friendlier?
Dougal Campbell
dougal at gunters.org
Wed Sep 9 18:38:14 UTC 2009
On Sep 9 2009 1:05 PM, Jeremy Clarke wrote:
> On Wed, Sep 9, 2009 at 10:56 AM, Hacker Scot<shacker at birdhouse.org> wrote:
>
>> On Sep 9, 2009, at 5:00 AM, wp-hackers-request at lists.automattic.com wrote:
>> This is something the Drupal world gets right, IMO. Lots of security
>> information consolidated here: http://drupal.org/security also available as
>> RSS feeds and ALSO available as email. I subscribed to the emails for a
>> while and was really impressed that they covered not just core but issues
>> with 3rd party Drupal modules as well. This kind of thing could have a huge
>> security benefit for WP.
>>
> Not sure who's in charge of it but WP's updates email list is
> completely desolate most of the time. It should have strongly worded
> terrifying emails when there are security updates. As it is its pretty
> neglected, and IMHO the dashboard feed just doesn't replace it. Lots
> of people use WP casually, and the once or twice a month they log in
> they don't have time to read everything on the dashboard.
>
This is a good point. When was the last time that the 'wp-announce'
mailing list was actually used to notify people of a new WP version? I
can't find the archives, and I sure can't remember it happening anytime
recently. I vaguely recall Matt sending *something* to the announce list
a few versions back, but I'd probably have to grep through a few
gigabytes of old emails to find it.
I think it would be great if part of the installation procedure for a
new WordPress site was to add a checkbox (checked by default) prompting
the user to opt-in to the wp-announce mailing list. This would be on the
same screen that asks for the initial administrator email address. It
could give a short message explaining that the mailing list is very low
volume (typically less than one message per month), it will only be used
to send important update information, and that the email address will
not be shared with third-parties (etc.).
Then (and this is the key), actually USE the wp-announce mailing list
for what it's there for. Make it part of the standard procedure
checklist for new releases. In fact, there should probably be an
announcement at the first Beta and Release Candidate milestones, as well
(not every interim beta and rc, just the initial "hey, we're beta
testing, you might want to start your own tests to get ready for the new
version", and "hey, we've reached release candidate stage, things should
be pretty stable, and we're trying to knock out the last few bugs before
official release").
AND, when a security issue becomes known, an announcement should be
made, as well. I know that opinions vary on exactly *when* security
issues should be announced: as soon as known -- even before a patch is
available, or only after a patch is ready for the public? I don't think
this is the time or place for that discussion, but I think making the
announcements by email as well as via the dev blog (and thus the
dashboard news) is important. I think there are more people than we
might think who hardly glance at the dashboard. Maybe the news blocks in
their dashboard are just "below the fold" and they don't see it. Maybe
they actively ignore it (do a search for "dashboard" in the plugin
repository and take note of how many mention turning off the news
feeds). Maybe they're just old-school and prefer email, and miss the
days of Usenet. Whatever the case, I think that adding email
announcements has got to be a Good Thing. And it could pretty easily be
automated. Just set up the Dev Blog to relay any posts made in the
"Announcements" category, or something like that.
(And BTW, I think there are a lot of things that the WordPress and
Drupal communities can learn from each other. Both have a lot of good
points to them that the other could borrow. I might have a blog post
about that later, if I can find the time.)
--
Dougal Campbell <dougal at gunters.org>
http://dougal.gunters.org/
http://twitter.com/dougal
http://twitual.com/
More information about the wp-hackers
mailing list