

Client Wants Me To Support WordPress 2.7?? - volomike

My client wants me to code WP plugins so that they support WordPress 2.7 and higher instead of WordPress 2.9.2 and higher. He tells me this on a very tight deadline after countless thousands of lines of code have been written.<p>Please help me deflect this. I need to show him just how vulnerable a WordPress 2.7 install is, and why 2.9.2 or higher is necessary. I need to show him that perhaps jQuery might not even work if we don't have greater than 2.7, and we rely a good bit on jQuery.
======
volomike
Here are some hard facts I have found out:

A query on "wordpress 2.7 vulnerability" shows 29,000 results while "wordpress
2.9.2 vulnerability" shows 11,800 results.

WordPress 2.7 was released back in February of 2009 -- we're a year and half
practically away from that time.

There's nearly 3 times as many vulnerabilities with WordPress 2.7 as WordPress
2.9.2.

There were a total of 2,181 bugs/problems/issues/concerns that were closed
between 2.7 and 2.9.2.

There were also several jQuery differences between 2.7 and 2.9.2 which could
make jQuery functions fail.

Here are all the bug reports filed between versions 2.7 and 2.9.2:

Starting from 2/10/2009 when 2.7 was out:

[http://core.trac.wordpress.org/query?status=closed&group...](http://core.trac.wordpress.org/query?status=closed&group=resolution&milestone=2.7)

672 bugs/problems/issues/concerns

[http://core.trac.wordpress.org/query?status=closed&group...](http://core.trac.wordpress.org/query?status=closed&group=resolution&milestone=2.7.1)

74 bugs/problems/issues/concerns

[http://core.trac.wordpress.org/query?status=closed&group...](http://core.trac.wordpress.org/query?status=closed&group=resolution&milestone=2.7.2)

43 bugs/problems/issues/concerns

[http://core.trac.wordpress.org/query?status=closed&group...](http://core.trac.wordpress.org/query?status=closed&group=resolution&milestone=2.8)

786 bugs/problems/issues/concerns

[http://core.trac.wordpress.org/query?status=closed&group...](http://core.trac.wordpress.org/query?status=closed&group=resolution&milestone=2.8.1)

54 bugs/problems/issues/concerns

[http://core.trac.wordpress.org/query?status=closed&group...](http://core.trac.wordpress.org/query?status=closed&group=resolution&milestone=2.8.2)

1 bugs/problems/issues/concerns

[http://core.trac.wordpress.org/query?status=closed&group...](http://core.trac.wordpress.org/query?status=closed&group=resolution&milestone=2.8.3)

5 bugs/problems/issues/concerns

[http://core.trac.wordpress.org/query?status=closed&group...](http://core.trac.wordpress.org/query?status=closed&group=resolution&milestone=2.8.5)

14 bugs/problems/issues/concerns

[http://core.trac.wordpress.org/query?status=closed&group...](http://core.trac.wordpress.org/query?status=closed&group=resolution&milestone=2.8.6)

2 bugs/problems/issues/concerns

[http://core.trac.wordpress.org/query?status=closed&group...](http://core.trac.wordpress.org/query?status=closed&group=resolution&milestone=2.9)

505 bugs/problems/issues/concerns

[http://core.trac.wordpress.org/query?status=closed&group...](http://core.trac.wordpress.org/query?status=closed&group=resolution&milestone=2.9.1)

25 bugs/problems/issues/concerns

------
jacquesm
Hey Mike,

That looks a little late in the process to start arguing with a client about
something that should habe been part of the spec from the beginning. Funny, I
_just_ posted a link about that: <http://news.ycombinator.com/item?id=1376083>
, but that isn't going to help you much.

Khao advises you to google, I'd second that, with the addition that maybe it
would be best if you confined your searches to reputable news sites, that
usually carries a lot more weight than a few numbers.

That way you can let others with authority speak for you, and hopefully
they'll make a more compelling case.

If there is a really good reason why the customer wants to do it their way on
their servers, maybe you could offer to host it on your servers to get past
the deadline, cut you some slack and then after the deadline you'll help
analyzing the situation with respect to backwards migration.

In my experience, temporary solutions are amongst the most durable things in
software.

best of luck!

~~~
volomike
> "That looks a little late in the process"

I made some assumptions unfortunately. Now if he makes me also have to support
PHP4, I'll hang myself. (Not really.)

~~~
jacquesm
> I made some assumptions unfortunately.

Yes, been there, done that, have several t-shirts.

Live and learn. That's one mistake you won't be making again (for a while, at
least). But it still sucks to be in this situation.

> Now if he makes me also have to support PHP4, I'll hang myself.

Please don't do that. However if visual basic is mentioned then you might have
to go through with that, but I'd suggest hanging the client instead. It's
rude, not good for business but it drives home the point ;)

In my experience, with some man-to-man (or whatever the applicable genders)
talks you should be able to work it out, if the customer can be brought to
your side of the table then you've solved it. One way of achieving that is to
move to their side of the table, and make a list of the consequences, and have
them agree - preferably in writing, an email will do - that they take
responsibility for any consequences of doing it 'their way', and that any work
over and beyond the agreed upon will be billed separately.

That might make them a lot more amendable to reason.

------
Khao
Search for "wordpress 2.7 vulnerability" on google : 369k results Search for
"wordpress 2.9.2 vulnerability" on google : 11k results

It might show him how dangerous it is to use an old version of Wordpress. It's
like using windows XP with Internet Explorer 6

------
teyc
Firstly, explain that there is not enough time. Then, estimate the testing
effort and show them. Then suggest a revised timeline. Be as professional as
possible.

~~~
volomike
Awesome idea. This one might work.

