[theme-reviewers] Where is the line?

Bruce Wampler brucewampler at gmail.com
Sun Jun 26 01:57:09 UTC 2011


I've read some comments that well implemented shared hosting sites don't 
have a problem with file ownership, which seems to be at the heart of 
the fopen issue.

So, out of curiosity, why is it OK for the standard WP media library 
loader to upload files and have them owned by apache and not the user? 
Why doesn't it insist on using FTP as necessary? Seriously, why not?

Why should themes be held to a higher standard than a fundamental part 
of WP - the media library?

And in the big picture of the WP world, why have security issues taken 
over theme submission, when there are no controls whatsoever for 
plugins? The simple answer is that you have to start somewhere, but why 
are theme authors bearing the brunt of the issue? Why do I have to spend 
hours and hours of my (volunteer) time to understand the confusing WP 
file library, and then rewrite hundreds of lines of perfectly good 
code that uses fopen handles in creative ways (like to easily switch 
between file output and "echo" output with the same code), when many of 
the most popular plugins are subject to absolutely no reviews or 
standards whatsoever? If security is such an issue, then I suggest at 
least a little energy be diverted to getting control of plugins.

-- 
-----------
Bruce Wampler, Ph.D.

Software developer
Creator of first spelling checker for a PC
Creator of Grammatik(tm), first true grammar checker
e-mail: bw at brucewampler.com
blog: brucewampler.wordpress.com


