I agree that it's not a big concern, but no one is going to know that there are problems, if there's sort of no record of it over time, I agree with chip's idea of flagging it.<br><br>Would it not be easy enough to move malicious themes to a subdirectory like contains_malicious_code or something so whoever is looking through svn knows. This would fix the google indexing problem.<br>
<br>Cheers,<br clear="all">Clara Choi<br>
<br><br><div class="gmail_quote">On Fri, Feb 11, 2011 at 8:12 AM, Philip M. Hofer (Frumph) <span dir="ltr"><<a href="mailto:philip@frumph.net">philip@frumph.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div bgcolor="#ffffff">
<div><font face="Arial" size="2">I'm going to agree with Mike on this one it's just
not something even worrying about, it's inherit if the person goes through the
trouble to find the svn's for things not publically accessable then they are
just going to have to take on the consequences</font></div>
<div><font face="Arial" size="2"></font> </div>
<div> </div>
<blockquote style="border-left: 2px solid rgb(0, 0, 0); padding-left: 5px; padding-right: 0px; margin-left: 5px; margin-right: 0px;"><div class="im">
<div style="font: 10pt arial;">----- Original Message ----- </div>
<div style="font: 10pt arial; background: none repeat scroll 0% 0% rgb(228, 228, 228);"><b>From:</b>
<a title="wordpress@zed1.com" href="mailto:wordpress@zed1.com" target="_blank">Mike Little</a>
</div>
<div style="font: 10pt arial;"><b>To:</b> <a title="theme-reviewers@lists.wordpress.org" href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a>
</div>
<div style="font: 10pt arial;"><b>Sent:</b> Friday, February 11, 2011 3:58
AM</div>
<div style="font: 10pt arial;"><b>Subject:</b> Re: [theme-reviewers] malicious
code found in a theme in the codex</div>
<div><br></div>
</div><div><div></div><div class="h5"><div class="gmail_quote">On 10 February 2011 17:02, Edward Caissie <span dir="ltr"><<a href="mailto:edward.caissie@gmail.com" target="_blank">edward.caissie@gmail.com</a>></span>
wrote:<br>
<blockquote style="border-left: 1px solid rgb(204, 204, 204); margin: 0px 0px 0px 0.8ex; padding-left: 1ex;" class="gmail_quote">I know there "are a lot of things" in the SVN that could
be bad if someone did go to the trouble of checking them out then installing
them wherever ... just putting the idea out there for discussion on whether
or not those themes should be addressed in some fashion.<br><br></blockquote>
<div><br></div>
<div>Don't forget that every old version of every checked-in theme file is
available on subversion too; including security bugs and every bit of bad
code, . This is the nature of open code repositories and should remain
so.</div>
<div><br></div>
<div>I don't think there is any point even thinking about this.</div>
<div><br></div>
<div><br></div>
<div>Mike</div>
<div><br></div></div>
</div></div><p>
</p><hr><div class="im">
<p></p>_______________________________________________<br>theme-reviewers
mailing
list<br><a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br><a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
</div></blockquote></div>
<br>_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br></blockquote></div><br>