[wp-hackers] Themes Being Unofficially Distributed with Security Vulnerabilities - Time for an Official Theme Repository?

Jacob wordpress at santosj.name
Thu Nov 29 03:32:48 GMT 2007


With any heuristics, it would give a better indication of whether or not 
the Theme should be checked over. There is no point checking themes that 
pose little threat, and even those that get through will be easier to 
ban than waiting for all of the themes to be tested by users.

The question is who will write this code, where will the code be located 
(probably not fit for core, but that is up to the core devs), and what 
steps will you take to ensure that people know about it?


Robin Adrianse wrote:
> Anyone could do it, really (at least anyone with reasonable knowledge of
> code).
>
> Hell, I'd be willing to help out with that... but I wouldn't really want to
> be the only one, in case I got tied up in something else and the repository
> just stalled... which is what happened with themes.wordpress.net IIRC.
>
> On Nov 28, 2007 3:56 PM, Christine Davis <christine at neato.co.nz> wrote:
>
>   
>>> But that's easily gamed by spammers. They're not *that* stupid, you know ;).
>>>
>> I'm all for anything that makes it more difficult.  The current zero checks
>> which are currently in place are vastly easier to work around d:
>>
>> I don't think machine-verification would be that productive, to be honest.
>>
>>> And it wouldn't really be that hard for a human to just give the theme files
>>> a quick look-over.
>>>
>> Who did you have in mind to do that?
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>
>>     


-- 

Jacob Santos

http://www.santosj.name - blog
http://wordpress.svn.dragonu.net/unittest/ - unofficial WP unit test suite.

Also known as darkdragon and santosj on WP trac.


