
Nate Wright

While I appreciate the sentiment, I have to disagree. The plugin ecosystem — even just widely respected plugins — is not stable enough. The extraordinary success of WordPress’s auto-updates is the result of pairing an extremely capable set of hands with a very mature piece of software.

While I realize there isn’t always an immediate need to update a plugin unless it’s a security release, it’s a good idea to keep them updated regardless.

This is only an accurate sentiment in the context of a piece of software with an intense commitment to backwards compatibility. Plugin updates frequently modify HTML markup, CSS code and other extensible components without even considering backwards compatibility. Sometimes this is a necessary part of the software’s evolution. Automatic updates would increase the market cost for good software to evolve.

Automatic updates would also significantly increase the damage a broken update can do. Fixing a critical error in the first 24 hours after release can save 95% of users.

If the plugin repository enforced semantic versioning, so that n.n.n releases only represented critical security fixes and minimal bug fixes, then perhaps automatic updates by default could work in that context. But it would take a ridiculous amount of manpower to police this.

An alternative would be to implement a security patch system, which could deliver automatic updates to selected versions to fix security issues when they are identified. In this scenario, a plugin author, in coordination with the plugin repo managers, would patch whatever versions were still in wide use with a special version which only fixed this security issue in the most minimal way possible. So if 70% of users were spread across three versions, they could provide a patch for each version. Perhaps that could be delivered automatically. But again, we’re talking about a significant increase in monitoring and policing for the plugin repo folks. I wouldn’t envy them the workload.

At the end of the day this is a problem that needs to be solved by developers. Don’t break your shit and over time people will begin to trust your updates. A few people will never update, but that is their (ir)responsibility. We can educate, encourage and build trust. But there will always be hobbyists, lazy developers and overworked low-budget web shops that sold a client a product at a price they can’t afford to maintain. Bullying them with automatic updates will just push more of them into avoidance strategies.

(Having said all that, a feature to opt-in to automatic updates on a plugin-by-plugin basis would be nice!)





