I just confirmed *again* that upstream is committed to supporting Wordpress 2.0.x until 2010.
So where is the burden to the security team? Packages in stable with committed upstream security support is probably the exception more than the rule. So one would think, like I do, that Wordpress is in fact a good example of a package to include in a Debian stable release.
signature.asc
Description: Digital signature