Danny: What Raphael did last time was a sync request, and you can see how it worked out in this bug: https://bugs.launchpad.net/ubuntu/+source/wordpress/+bug/886876 There is a Wordpress 3.9 package in sid right now: https://packages.debian.org/unstable/web/wordpress so a resync is likely feasible again.
But there appear to be 2 more fundamental issues here... 1) Ubuntu has no package maintainer for Wordpress, or at least no active one. In my opinion, it would be better to drop the Wordpress package entirely than to leave it in it's current unmaintained state. It is, by design, an internet facing service and to be missing security fix after security fix is a bad idea that's going to bite Ubuntu users at some point. 2) Wordpress.org's release roadmap and end-of-life policity are fundamentally incompatible with Ubuntu's. They cannot be reconciled. I think this has gone unnoticed for so long because Wordpress.org's policies are implicit and not formally documented anywhere... but it seems that they only release security fixes for the last 3.x release or two. Like with Firefox and other browsers, Ubuntu needs to sync Wordpress with the latest release relatively promptly... which isn't likely to happen without (1) being resolved. In the meantime, I (the original bug reporter) have stopped using Ubuntu's Wordpress packages. I'm not willing to step in as a maintainer at this time, and am too worried about the lack of maintainership/updates to use the Ubuntu package. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/883955 Title: Wordpress is out of date, possibly vulnerable to exploitation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wordpress/+bug/883955/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
