[wp-hackers] Themes Being Unofficially Distributed with Security Vulnerabilities - Time for an Official Theme Repository?

andre at pixelplexus.co.za andre at pixelplexus.co.za
Thu Nov 29 07:01:23 GMT 2007


and

(machine && human) > ((machine || human) xor (!machine && human) xor
(machine || !human))

A


> +1
>
> Human > machine.
>
> On 11/28/07, Computer Guru <computerguru at neosmart.net> wrote:
>>
>> On 11/29/07, Robin Adrianse <robin.adr at gmail.com> wrote:
>> >
>> > But that's easily gamed by spammers. They're not *that* stupid, you
>> know
>> > ;).
>> >
>> > I don't think machine-verification would be that productive, to be
>> honest.
>> > And it wouldn't really be that hard for a human to just give the theme
>> > files
>> > a quick look-over.
>> >
>>
>> I agree 100%
>> No matter what you do, there'll always be a "easy" workaround to
>> avoiding
>> machine detection. It can include() code from another URI, rot* text,
>> etc.... and worst of all, you'll give people a false sense of security,
>> too.
>>
>> Best is to just have a central repository. "Verified" members of the
>> community can officially mark a theme clean. Users can rate themes on
>> quality, and report a theme as dangerous if they feel it warrants
>> further
>> investigation.
>>
>>
>> That's far more productive, a lot more bullet-proof, and feels more like
>> the
>> WordPress way :)
>>
>> --
>> Computer Guru
>> Director,
>> NeoSmart Technologies
>> http://neosmart.net/blog/
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>
>
>
>
> --
> Viper007Bond | http://www.viper007bond.com/
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>




More information about the wp-hackers mailing list