Oops. I wrote this piece yesterday, wishing that WordPress offered Long Term Support for occasional releases, along the lines of Ubuntu. I then get a comment from Mr WordPress himself, Matt Mullenweg, telling me that there actually is a long-term supported release. Here it is for the record...
The official policy from Team WordPress about software upgrades, as described by Matt Mullenweg last month, is pretty straightforward: when we release a new version, you should upgrade. Like, immediately. But when you're dealing with the corporate world, where you deliver a project and effectively walk away, it isn't quite so simple... and I'd personally welcome a Long Term Support approach along the lines of Ubuntu.
WordPress was built for bloggers: technically literate self-publishers, with some grasp at least of what's involved in running a website. But as I've documented here countless times, and as my continuing mortgage payments demonstrate, comms professionals with no particular IT skills find its convenience, flexibility and simplicity (not to mention the price) equally appealing.
But the chink in the armour, if you like, is WordPress updates. Corporate projects tend to come with lists of requirements, which push well beyond normal blog-based sites. Normally, these requirements are achievable using plugins or a bit of custom code. But as Matt acknowledges, when an upgrade comes, there's no guarantee that a particular plugin will work. And even worse, given that most plugins are offered up by volunteers, there's no guarantee that the plugin will be updated accordingly.
I'm afraid Matt's assertion that 'having a secure site is much more important than the functionality of a single plugin' won't really stand up in the corporate context. You'll ultimately face a decision between a site which might be at risk, but does everything you want; or (to put it provocatively) an under-performing site which still won't be 100% secure anyway, because nothing ever is. And I'm afraid most marketing or communications people will choose the former.
There's also the issue of the high-visibility upgrade notifications in the more recent WordPress releases. Whilst these are fantastic for those of us who run our own server setups, and aren't scared of the upgrade process, I've had several phone calls from clients who are seeing this warning, and panicking (I'd say) unnecessarily. And I can't honestly promise them that 'hey, just do it, nothing can possibly go wrong.'
There is a compromise solution here: and that's the model of Ubuntu's Long Term Support releases.
There's a new version of Ubuntu's Linux package every six months, with a promise to offer product support (ie minor fixes) for at least 18 months. But some of these are designated as having Long Term Support: these come with a promise of three years' worth of fixes for the desktop version, and five years' worth for server versions. It doesn't mean that you'll never have to do a major upgrade. But it's a guarantee that the fundamentals won't change for a considerable period - long enough to put the IT manager's mind at rest.
That's the kind of commitment I'd value as a WordPress 'developer'. I want to present pitches to clients based on guarantees, not probability. And I've seen specific examples of excellent WordPress plugins, perfectly secure and stable in their own rights, which suddenly become obsolete because something changes in the next major WordPress release. Looking back, the changes are almost certainly for the better overall; but not if I've built a particular function around a particular plugin which no longer works.
The v2.5 release of WordPress takes it to a new level of maturity. A policy of LTS releases, ideally via simple 'overwrite this file with that file' patching, would signal the product's readiness to be taken most seriously in corporate environments. And it would make an already strong proposition almost undeniable.
... and here's the info about the 'legacy 2.0 branch' which is almost exactly what I was asking for. Now, I consider myself fairly well versed in the ways of WordPress, but I'd never even heard of this, and various Google searches yielded nothing.
I guess my only response would be that the description of the legacy branch needs to be rethought. The word 'legacy' (to me anyway) sounds negative; the idea of 'Long Term Support' sounds positive.
My thanks to Matt for correcting me, without making me sound like a total idiot.