[wp-hackers] Bundled Plug-ins
mail at scribu.net
Sat Oct 2 18:37:52 UTC 2010
On Sat, Oct 2, 2010 at 9:30 PM, Mike Schinkel
<mikeschinkel at newclarity.net>wrote:
> I'm assuming the issue is that any code on the server could have a security
> hole, deactivated or not, so it's critical that we get all code updated in
> case of a security hole, right? But could there not be a third way? How
> about an "archive" feature that allowed a user to archive a plugin which
> would either zip its contents and/or set the permissions on its
> directory/files so that it's not accessible externally (if that's even
> possible; my knowledge of how server permissions work is rather lacking.)
If you're that concerned about security, you're better off deleting the
plugin and just bookarmking it in your browser or whatever.
If you just want to hide the update nags (something that I would like to do
too), you could make a plugin that does it (with jQuery, in the worst case).
I think these constant "update me" notices are yet another reason why people
> don't want to use any more plugins than they have to even though the
> constant refrain related to features is "that's plugin territory." (I think
> what I'm saying here is that by improving the management of plugins it might
> help people who have issues with plugins dislike them less.)
I agree that plugin management could be a little more sophisticated.
More information about the wp-hackers