Oh No! Yet Another WordPress Fix to a Fix to a Fix to a Fix

By Angsuman Chakraborty, Gaea News Network
Saturday, May 28, 2005

The WordPress team has come up with yet another security fix (1.5.1.2), which fixes the fix (1.5.1.1), which fixes the fix (1.5.1), which is a fix for undisclosed security defects in WordPress 1.5.

Update: Now it should read: The WordPress team has come up with yet another security fix (1.5.1.3), which fixes the (yet another undisclosed security risk) fix (1.5.1.2), which fixes the fix (1.5.1.1), which fixes the fix (1.5.1), which is a fix for undisclosed security defects in WordPress 1.5.
OK, now I am jaded. I have provided a patch for others like me to easily upgrade from 1.5.1.2 to 1.5.1.3.

Are you confused? I am not but I am not happy either. It is clear that this code needs a serious third-party security audit.

I am not a happy camper at how security is being handled by this product. It is just a patch-as-you-go approach combined with security-by-obscurity.
News Flash! It doesn't work. Obviously the software is not being well tested before hasty releases, as was clearly evident from the way 1.5.1 was broken in several places.

This time around at least they cared enough to provide the patch for users who are unwilling to upgrade the product. Last time around (1.5 to 1.5.1) they refused to provide an independent patch. I had posted to the support site and had written to Matt, the key developer, and have not received any response from him. I was told in the forum that he is a very busy person (no doubt with all these fixes), implying he doesn't have time to respond to his users.

Do you expect this of any production quality software or service provider? I can contact my web hosting provider in less than a minute and lately have had my problems addressed in under 5 minutes on average.

I am assuming someone will politely point out that it is a free product and they are trying hard in their spare time…
But I want a quality product. I had chosen WordPress because I was impressed with the features, and during my brief evaluation I couldn't find many quality issues except some shoddy code in places, but it was the best of a bad lot for the features I was looking for, especially strong spam protection features.

I am not using WordPress because the price is free. I expect quality from any product I use, and open communication. If there is a problem, I need to know about it and how I can patch it without affecting other sections which are working.

My recent experiences indicated some lack of robustness in the product too. More on it later.

I am also trying hard to see it as an isolated issue, as I have had excellent support with a few other Open Source products like POI or SpamBayes. However, logically I can see that sooner or later all Open Source projects will have to suffer from the same problems. Why?
Software requires money to develop. Normally OSS folks do their stuff in their free time. However, sooner or later their managers are bound to realize that these OSS folks have too much spare time on their hands and adequately load them with paying work. Also they themselves realize that Open Source doesn't pay and bring food to the table, so they divert their attention to profitable ventures. Not everyone is born with a silver spoon. And what happens to the OSS project? Hopefully someone with loads of spare time takes it up, for fame and recognition, till he runs out of time. How sustainable is it?
Today's big name Open Source projects are flourishing because of corporate sponsorship, mostly hardware companies with the IBM mentality. How long do you think they will continue? Also, they will sponsor a limited set of products which ultimately benefit their bottom line.

As it stands today I am growing increasingly hesitant to recommend WordPress to quality and security conscious organizations and people.

Discussion
May 31, 2005: 9:19 pm

> What I tried to express is that ideally the consumer should affect the popularity of a product. If it’s bad, then no one would use it.

I fully agree with you. It is the final word. However when customer expresses his opinions, often it is too late to rectify. So companies go out of their way to solicit opinions.

> But being no economist, I wonder why it doesn’t apply in the real world. Lack of alternates perhaps?

The timing issue mentioned before, lack of alternatives as you mentioned and marketing.

Looking at how much Coke and Pepsi sell every day you can estimate the power of marketing. What are Pepsi and Coke but carbonated sugar water? And they don't taste great either.
Look how much they sell of these unhealthy products which don't quench thirst (they actually dehydrate you) and are actually inferior to plain or lime water.
It's all due to marketing :)


yk
May 31, 2005: 12:29 pm

I don’t disagree with your comments. What I tried to express is that ideally the consumer should affect the popularity of a product. If it’s bad, then no one would use it.

But being no economist, I wonder why it doesn’t apply in the real world. Lack of alternates perhaps?

May 30, 2005: 9:04 pm

@Thomas
WP 1.5 is a pretty good product as it is. I think they should focus on making it very stable and bug free for the next 6 months or so, before attempting to add new features.


Thomas
May 29, 2005: 4:15 pm

I agree with your sentiments.

I suppose part of the process of open source software is early growing pains.

Maybe most development time should be spent on just fine tuning WP 1.5 for a very long time to make it the most perfect and stable version.

The temptation is always to make another big version upgrade with tons of bells and whistles. I would love to just see WP 1.5 fine tuned and made very stable.

May 29, 2005: 12:02 pm

@verbat
I agree. I have looked at Java based products like Blojsom, FreeRoller etc. WordPress is better in terms of features. It looks like I just may have to design my own to get what I want :(

@yk
> Nobody’s forcing you to use Wordpress

That is not a valid argument. I am commenting on WordPress as a product and the expected commitment to the users. WordPress happens to be free, however that shouldn’t change the expectations from a good product. The rules of the game do not change.

> and I don't think they have any legal responsibility to you.

Neither do I. However great support and cohesive product development plan makes a great product.

> Rather than rant about the problems, why don't you offer to help? Given your knowledge I'm sure you'll be an asset to the dev team.

I had given it some thought. However, at present I am over 100% scheduled for this year. I do, however, contribute plugins whenever I have time, and I am thinking of publishing an architecture document for WordPress.


yk
May 29, 2005: 9:48 am

Nobody’s forcing you to use Wordpress, and I don’t think they have any legal responsibility to you.

Rather than rant about the problems, why don't you offer to help? Given your knowledge I'm sure you'll be an asset to the dev team.


verbat
May 28, 2005: 7:26 pm

Try something not written in PHP. It's not that the devs are dumb, it's the platform that makes errors easy ;P
