A lot of the internet is powered by open source technology. WordPress being a perfect example. This article looks at the practices behind open source development and considers just how sustainable it all is.
One story looks at OpenSSL and how the heartbleed bug was accidentally introduced. But also, it looks at sustainability and the fact that OpenSSL, which is used by millions of devices was, at the time, maintained by just two people.
I have a lot of sympathy for them. I was responsible for the widespread problems with TimThumb from quite a few years back. The script was originally made by a developer called Tim, a friend of my theme shop partner at the time, Darren. I adopted the script and put it on Google Code where I maintained it for years.
Despite it being used in hundreds of WordPress themes, and despite there being loads of bug reports and support emails, I never had any help with the code. At least not until things went pear shaped, and even then there was only one developer who helped.
But what about WordPress? WordPress is the most popular CMS on the planet. Millions of websites rely on it. And it’s theoretically maintained by volunteers.
These days WordPress has a large contributing team that are sponsored by businesses in the WordPress space. Automattic is a big one, their influence is keenly felt. In particular over the last year or two where Matt has once again become the release lead. A lot of the component leads are Automattic employees too. Many of these people were prominent contributors before they joined the company so it does make sense but it also adds to the feeling that WordPress is driven by A8C.
Other prominent contributors include Google, who have fairly recently hired a team to work on WordPress.
There’s also a lot of large agencies who have people on staff who work full time on the WordPress project. It’s in their interest to ensure the software works well since they have built their business on it. By having developers work on the things they need, they can ensure WordPress continues to fulfill their needs long term.
But what about smaller development shops and individuals? There are still plenty of those who join in with the discussions and continue to contribute code, and ideas, documentation, and everything else.
I guess this is a side effect of popularity. Having such a massive user base means people are much more likely to help. And WordPress is a visible product; unlike OpenSSL a lot more people have heard of it, and a large group of the users are the same people who can improve it. Which they do through code contributions, or plugins, or training etc.
So do we need to worry about WordPress and sustainability of contributions?
My concern with WordPress is that we may end up with something akin to the free-rider problem mentioned in the article. Whereby the code is maintained by a small group of people – or in WordPress case – a small group of companies (Automattic, Google, etc) and most of the freelancers are either hired by those companies, or stop using the project because it’s going in a direction they don’t like.
We’re already seeing this to a degree with Gutenberg. People who were once diehard WordPress developers are now broadening their horizons. Many still use WordPress, but they may also consider alternatives now, where they used to use it by default.
And if development is controlled entirely by Automattic, what happens then? I believe they genuinely want to do what is best for the users, but I also believe that the ‘users’ are their users. By that I mean that the people they test with, and the people they get feedback from, are their customers. And the kind of people who use wordpress.com are not necessarily the kind of people who would hire an agency/freelancer to build a website.
The fact that there’s a commercial entity so invested in the WordPress project means it will continue for a long time to come. But equally it means that as they add more contributors the software may end up moving in a direction that divides opinion. That long time users may not agree with.