In any case, Matt recently admitted that a problem the community has is rejecting good arguments made in a poor manner. I would guess he’d classify this as just such an argument but I don’t know what else to call it when you have release after release for security reasons.

And to top it off, it’s not because new exploits have been found, it’s because people haven’t closed the doors behind them so to speak.

Again, I want to emphasize that I don’t blame the WP Dev community as most of them are donating their time and aren’t making a living off WordPress. There’s only so much a community like that can do. That’s why I’d like to see someone who’s full time job is dedicated to securing the platform.

And, again, WordPress is required to be open source based on the licensing it inherited from its predecessor. Sure Automattic could charge for it but there would be forks of each release and it would be fairly pointless.

So while I appreciate the WP dev community’s time & I don’t downplay the fact that Matt’s hard work got us to this point, please let’s drop the argument that he or Automattic are some sort of charity workers only helping us out of the kindness of their heart. They’ve got a million dollar business riding on WordPress.

Anyone making the argument that people shouldn’t try to make money off open source platforms should keep that in mind as well.

Anyway, thanks for your comment Jason and I’m sure many would agree with you that my style of blogging isn’t as helpful as it could be, but I get pissed off when such obvious solutions are available but none are taken.

However, regardless of anyone’s feelings or problems, complaining about the quality of a FREE system is the definition of foolish and ungrateful behavior. I would have liked to have seen a post written in a more positive manner. I think this type of commentary is destructive – when some people in the WP Dev community read this type of post, I would imagine they find it very discouraging. That’s a bad thing.

“WP is kind enough to provide us the publishing platform for free, a place to report bugs, and gives security releases when known issues arise.”

Please. Automattic plays the role of open source defender because it strengthens their position in the marketplace by making sure any potential competitor is working only with the mediocre “free code”. If they were really about doing the right thing, they would release all the custom code they’ve developed. But they don’t. Instead, they just bully anyone who might try to truly make things better by making sure they have some type of real revenue stream to fund their development.

However, WordPress is not “kind” for making the platform open source. It was built on the remains of another open source platform which if I recall correctly requires it to be open source.

There will never be a perfect system, you’re right. However, the recent rash of security patches due to people just not coding new features properly illustrates where the priorities are. They spend a lot of time giving us new features (which everyone loves, because hey, who doesn’t like new stuff?) but they don’t devote the required resources to catch mistakes like this.

If there’s money there (few if any other than Matt knows) dedicate it to a security expert. If not, raise some funds for one to at least show that they’re serious about it.

The developers that are working on the core are donating their time already, does WordPress leadership really expect them to be able to handle security competently as well?

I do agree with you that it would be great if more money could go into WordPress development. But there is no way to make any platform perfect and no matter which one we choose, there is always a need for updates.