I've previously covered the issues I have with CMS platforms. They aren't bad (I use one for this blog), however some seem to want to make it as difficult as possible to update.
I currently use Magento as part of my day job, and therefore I need to maintain and keep it up-to-date as often as possible to ensure the platform is as stable and secure as can be practical and possible with a huge platform like that.
The most recent patch seems to have fallen in-line with Magento demanding to know about your site, and verifying your e-mail address. Let me reiterate; in order to keep your Magento store up-to-date with the latest security patches, they demand to know your URL, how many employees you have, the annual revenue of the store, as well as information about your role in the site. Then they want you to verify an e-mail address.
This is a frustration barrier, even if you only need to do it once. I don't want to have to spend time filling in surveys to get the patches to ensure their platform doesn't get a bad reputation for being insecure.
More frustrating for me is that for every patch I have tried to apply, every single one has failed. I still have to download the latest full Magento release and diff each file one-by-one. Okay, so I use Meld to do a full directory comparison and let me know which files need updating, but it's still a long process.
The patches may work for most people, and I know I have inherited an awful codebase of bad practices, but the point is developers shouldn't need to verify or populate surveys to get access to critical patches so they can ensure compliance.
Just one of the many reasons I am ditching Magento as soon as possible!