It used to be that software companies released updates about every 6 months (or so), but seldom more often. Then Netscape established a more-or-less monthly cycle for new releases, which pundits called “Netscape time”. Since I was involved with distributing these updates to thousands of desktops, it was quite a big deal. We would have just finished vetting the last release, when here was a new one, and it usually had a dozen changes included.
These days we have that problem expanded ten (or twenty) times as much. In The Uniform Server WAMP, for example, there are many different open source components, such as Apache, PHP, MySQL, and several others. Each of these has a “standard” release schedule, and also a “security fix” cycle for plugging holes quickly. The Uniform Server developers try to keep current with this by releasing updates each time there’s an important or critical component update. To date it’s been a challenge. Since the 7.0.0-Orion release March 18, 2011, there have been 18 updates in the last five months, with one release being superseded the same day.
The other side of this is the problem of updating your website with the new WAMP release. This is far more complex, since there’s no way to know just what the users of the WAMP stack have changed or added. As a result, there is no automatic, one-button update. However, after so many releases, it might be time to mark this as a very desirable feature for any WAMP.
The downside of NOT doing frequent updates (both for the WAMP developers and for the WAMP users) is that discovered security problems are not resolved, and your website becomes vulnerable. This is why I would not recommend using XAMPP for a production site. While they have a full-featured stack, it doesn’t get updated often enough to be secure. Their 1.7.4 release dates from January, and a lot of component changes have been released since then. My feeling is that if a WAMP has not been updated in the last two years, you really should look at another one.
There has to be a balance somewhere between updating the platform and updating the application. Operating systems have this same problem. The essential problem: which is more important, doing your intended work on the computer, or installing software security updates? I think one trend seems to be significant. Google has arranged to have its Chrome browser update without any fuss or indications, and Mozilla will be following suit. The other companies (Microsoft, Adobe, etc.) are getting close, but often they break things as well. Hopefully the updates will become truly automatic, and busy workers, non-techies and grandmothers alike won’t need to become part of the IT department just to stay up-to-date.