Your third point though is from early 2005. Have they done anything to correct the stupidity since then?

Also we didn’t fork the codebase, but as part of our commitment to Debian we’ve promised to keep maintaining the 2.0 branch for security fixes until 2010. We’ve always maintained old versions for about a year, but this is a bit longer. So far it has gone well.

2. While it sucks one of our servers was hacked, I certainly tried to respond to it as quickly and transparently as possible. It wasn’t easy asking everyone to blog about the worst thing that has ever happened to the project. Similar things have happened to other open source projects in the past, including Apache, I don’t think anyone is immune.

3. It’s been over 2 years now since the dumb hotnacho article mistake I made. At the time I didn’t really understand web spam in the broader sense as you describe it, but that’s still no excuse. I don’t think I was let off easy, in fact it was one of the toughest periods of my life, and it happened in the public eye of the blogosphere and mainstream media. In the years since I’ve devoted a lot of my time to Akismet, which is an anti-web-spam service which has blocked over a billion spam comments, trackbacks, signups, wiki edits, and more. (Akismet is platform-agnostic, and in fact is one of the more popular plugins for MT.) We also spend a ton of resources keeping sploggers and spam off WordPress.com, something much bigger players don’t pay as much attention to. I appreciate your forgiveness, but I’d hope my actions since then would speak loader than my words.

Anyway I just wanted to drop my two cents in, I’m sorry my personal actions drove you away from a thriving open source community and I hope if you keep an eye on WordPress we’ll regain your respect in the future.

1. The rapid succession of bug fix releases says to me that things are going out the door with problems.

2. I agree that not everyone is immune, and even said as much. It’s still unacceptable. The hard part for me is that not everyone in the WordPress community (particularly end users) is competent enough to do the fixes themselves and I reckon a lot of them don’t even know that these fixes are out there. Just take a look at how many people didn’t even upgrade to 2.0 let alone 2.11!

3. I think you were let off easy. Frankly, I’m very connected to the community. I own a hosting company and my partner does WordPress layouts. We both have installed WordPress numerous times both for ourselves and our clients. Neither one of us heard about this until this weekend, which means that most people probably didn’t even know about it (in fact, read the two comments above yours…).

I don’t think we should flog you in the streets. WordPress is a great product. My only problems with it ever were the utterly useless forums where when you ask a question someone calls you a n00b or asks you to kindly read the FAQ or something. I don’t even have a problem with you in particular. Really.

I have a problem with what your actions represent. I’d feel the same way if I found a police officer with a stash of coke in his garage.

Akismet is great (I swear it’s probably the greatest piece of blog plugin software I’ve ever seen and I’m using it with MT, it was one of the first things I installed) but the need for Akismet stems from the disaster of Spam Blogs which WordPress themselves created!!

I’m sorry but I can’t support that.

I wish you all the best, Matt. I understand that you’ve learned your lesson and like I said earlier, I appreciate your comments here.

Who knows… Maybe one day WordPress will find its way back into my heart again.

2. As part of the announcement we encouraged people to help out any friends who were unable to upgrade, and worked with hosting providers as well. To date there have been *no* reported compromised blogs as a result of the problem, and our internal stats show that the upgrade message got out there really well. I would estimate there are at most a few dozen vulnerable 2.1.1 blogs left in the world.

3. If you didn’t know about the incident, it’s probably because you joined the community at least several months after it happened. It was covered on hundreds of blogs and MSNBC, The Register, Guardian, CNET, etc, and is still to this day promoted by people who have beef with me. It’s also on my Wikipedia page.

However if you still missed it, it’s probably because *I’m not WordPress*. Again, I’m very sorry that my personal mistakes caused you to dismiss the work of hundreds of passionate volunteers over several years.

2. Again, that sounds like spin. Understand I don’t blame you directly for what happened, but that doesn’t make it any more acceptable. I stand by my original point that this rapid succession upgrade process (which seems the way things roll now) will undoubtedly leave people behind.

3. I started using WordPress in March of 2003 and have been blogging since January of 2002. I guess “all over the place” is more about perception than anything else. From the inside (ie: You and the WP team), I’m sure you couldn’t escape it. From the outside (ie: everyone else) this sort of thing just wasn’t that big a deal.

Either way, it’s a moot point. What’s done is done and all that jazz. I’m just annoyed that one of the biggest banes of a blogger’s existence can be traced back to the creators of one of the most popular software for blogging out there. You’ll understand if I don’t feel like I’m “throwing away” the work of others.

As for the repeated refrain “I’m not WordPress…” here’s your Wikipedia opening:

Matthew Charles Mullenweg (born January 11, 1984 in Houston, Texas) is an entrepreneur living in San Francisco, California.

He is the founding developer of the popular open-source blogging software WordPress and writes a popular blog Photo Matt. After quitting his job at CNET, he has devoted the majority of his time to developing a number of open source projects and is a frequent speaker at conferences.

In late 2005, he founded Automattic, the business behind WordPress.com and Akismet.

You’ll understand if I chuckle when you say you’re not WordPress. You may not be the whole company, but you’re a lot more than a mailroom shlub.

Akismet is great (I swear it’s probably the greatest piece of blog plugin software I’ve ever seen and I’m using it with MT, it was one of the first things I installed) but the need for Akismet stems from the disaster of Spam Blogs which WordPress themselves created!!

I’ve been trying to get wrapped around that line of thinking since reading your post. What kind of monetary gain is there from Akismet? It’s offered freely, so I’m imagining at most not that much. Though, if there is some sort of gain to be had, this is poisoning everyone’s water (creating the problem) and selling the antedote for $100 a pop (profiteering with the solution).