I have no objections to security bugs getting fixed as soon as they're found - although I wish they'd write more robust code in the first place. What I object (at least as far as Wordpress goes) is enhancement releases that could potentially break plug-ins happening too quickly. How long did it take to go from 2.5 to 2.6? And 2.7 is coming out very shortly as well.
An automatic or semi-automatic upgrade would mitigate some of that problem, but only if plugin writers upgrade as well, or if they separated security fixes from functionality changes so I could, say, stick with 2.5 but still be up to date with the security patches until I was sure all the plugins I use work with 2.6 or 2.7 or (by that time) 4.0.
Whenever they are required. Keep in mind some users feel more secure getting updates regularly, while some just feel annoyed having a pop-up every day "There are 129 new updates to install! click here to wait 20 minutes to download, then another 10 to install them!"... you see my point.
For the area I work in, Industrial controls, very seldom. We typically do a major release very 2 years. Minor releases maybe every 3 to 6 months. Bug patch are of course a different story, they are released as needed. Even then few customers will upgrade existing systems. Of course in other domains, upgrades are more accepted.
There is no right answer, it really depends on the product.
I say monthly at most. Weekly/Daily is just too often, unless of course the application updates are done in a automated and transparent way, e.g. Firefox's update system
I would say in WordPress' specific case, they conflate "security updates" and "functionality updates". This is bad.
This would be like having to do an in-place reinstall of Windows every time a security bug was found, instead of simply downloading a small patch every week.
WordPress needs to have a security patch mechanism that's simple, fast, and easy for the security updates. A process that is separate from the normal upgrade flow of new versions.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 再贱就再见 的问题《How often should you release software updates? [cl》','https://www.manongdao.com/q-1318997.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I have no objections to security bugs getting fixed as soon as they're found - although I wish they'd write more robust code in the first place. What I object (at least as far as Wordpress goes) is enhancement releases that could potentially break plug-ins happening too quickly. How long did it take to go from 2.5 to 2.6? And 2.7 is coming out very shortly as well.
An automatic or semi-automatic upgrade would mitigate some of that problem, but only if plugin writers upgrade as well, or if they separated security fixes from functionality changes so I could, say, stick with 2.5 but still be up to date with the security patches until I was sure all the plugins I use work with 2.6 or 2.7 or (by that time) 4.0.
Whenever they are required. Keep in mind some users feel more secure getting updates regularly, while some just feel annoyed having a pop-up every day "There are 129 new updates to install! click here to wait 20 minutes to download, then another 10 to install them!"... you see my point.
I'll suggest the following:
updateTime (in seconds) - the average time it takes for the user to perform the update
releaseDelta (in days) - the minimum time between releases
This formula is based on my theory that a user should have to spend no more than 8 hours in any given year waiting for updates to an application.
This also allows for frequent updating as long as the updates are done in a transparent manner without disrupting the end user.
For the area I work in, Industrial controls, very seldom. We typically do a major release very 2 years. Minor releases maybe every 3 to 6 months. Bug patch are of course a different story, they are released as needed. Even then few customers will upgrade existing systems. Of course in other domains, upgrades are more accepted.
There is no right answer, it really depends on the product.
I say monthly at most. Weekly/Daily is just too often, unless of course the application updates are done in a automated and transparent way, e.g. Firefox's update system
I would say in WordPress' specific case, they conflate "security updates" and "functionality updates". This is bad.
This would be like having to do an in-place reinstall of Windows every time a security bug was found, instead of simply downloading a small patch every week.
WordPress needs to have a security patch mechanism that's simple, fast, and easy for the security updates. A process that is separate from the normal upgrade flow of new versions.