That's definitely part of the problem; but, hopefully the uploader script and Theme Check would still catch the vast majority of malicious code if someone tried to inject such.<div><br></div><div>A way to compare diffs would be helpful, but implementation is at the mercy of our available infrastructure. (Translation: we just don't have any way to implement that now, or any time soon.)<br>
<br><div class="gmail_quote">On Tue, Nov 13, 2012 at 5:56 PM, Kirk Wight <span dir="ltr"><<a href="mailto:kwight@kwight.ca" target="_blank">kwight@kwight.ca</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
If these libraries are merely vetted rather than fully reviewed each time, couldn't authors (the naughty ones, not all of us!) just bury nasty stuff in the library somewhere and claim it's one of the vetted versions? Hm, answering my own question, as long as the reviewer does a quick diff or something to the released version, it would still save time. <div>
<br></div><div>I love the idea, particularly as someone that isn't comfortable doing a full code review on class-heavy, OO programming (which a lot of libraries are).<div><div class="h5"><br><br><div class="gmail_quote">
On 13 November 2012 18:48, Chip Bennett <span dir="ltr"><<a href="mailto:chip@chipbennett.net" target="_blank">chip@chipbennett.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">If the code itself is in the Theme, then the code must be reviewed.<div><br></div><div>Hopefully, one day in the far future, we may have a way of vetting code libraries (such as frameworks, or scripts such as this one); but for now, unfortunately, we don't have any feasible way of vetting.</div>
<div><br></div><div>If anyone has any ideas, we'd love to hear them. For example: we could start a static page on the Make/Theme site, listing vetted/approved code libraries, the version reviewed, and the date reviewed/approved.</div>
<div><br></div><div>Thanks,</div><div><br></div><div>Chip<div><div><br><br><div class="gmail_quote">On Tue, Nov 13, 2012 at 5:44 PM, Bryce Adams <span dir="ltr"><<a href="mailto:brycead@gmail.com" target="_blank">brycead@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<span style="font-size:14px">I use this in a lot of my themes. It's by Thomas Griffin who is a very well known/established developer. I doubt a full review of the code in it is needed, but perhaps just a few developers/reviews on this list should confirm whether or not it's okay to use it in <a href="http://wp.org" target="_blank">wp.org</a> themes.</span><span><font color="#888888">
</font></span></div><span><font color="#888888">
<div><div><br></div><div>-- </div><div>Bryce Adams</div><div><br></div></div></font></span><div><div>
<p style="color:#a0a0a8">On Wednesday, 14 November 2012 at 10:40 AM, Kirk Wight wrote:</p>
</div></div><blockquote type="cite" style="border-left-style:solid;border-width:1px;margin-left:0px;padding-left:10px">
<span><div><div><div><div>Has anyone come across themes submitted using this library: <a href="http://tgmpluginactivation.com/" target="_blank">http://tgmpluginactivation.com/</a> ?<div><br>
</div><div>It's a library that allows a theme to suggest or require plugins on activation (both from extend/plugins and private repos). Its benefits are obvious, but a theme review including this library would necessitate a full review of the code to which it links.</div>
<div><br></div><div>Perhaps we'd consider allowing it as long as plugins are only recommended instead of required, and only from extend/plugins?</div><div><br></div><div>I'm asking, of course, because it would be great to start suggesting it (or something similar) to theme devs that are including functionality like shortcodes, etc in themes. Also because, well, I might want to use it myself :)</div>
<div><br></div><div>Thoughts?</div>
</div></div></div><div><div><div>_______________________________________________</div><div>theme-reviewers mailing list</div><div><a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a></div>
<div><a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a></div></div></div></div></span>
</blockquote>
<div>
<br>
</div>
<br></blockquote></div><br></div></div></div>
<br></blockquote></div><br></div></div></div>
<br></blockquote></div><br></div>
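The "quick diff" against the released version that the thread suggests, combined with the idea of recording which library version was vetted, could look like the following. This is an added example, not code from the thread or from the theme review tooling; the directory layout and the file names (class-activation.php, helper.php, readme.txt) are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map each file's path (relative to root) to the SHA-256 of its bytes."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare_to_vetted(vetted, bundled_root):
    """Diff a theme's bundled copy against the manifest of the vetted release."""
    bundled = build_manifest(bundled_root)
    return {
        # Same path, different bytes: these files need a manual read.
        "modified": sorted(f for f in vetted if f in bundled and bundled[f] != vetted[f]),
        # Files the vetted release never shipped: these need a full review.
        "added": sorted(f for f in bundled if f not in vetted),
        # Files dropped from the bundle: usually harmless, still worth noting.
        "missing": sorted(f for f in vetted if f not in bundled),
    }


def demo():
    """Constructed sample: a two-file 'release' and an altered bundled copy."""
    with tempfile.TemporaryDirectory() as tmp:
        release, bundled = Path(tmp, "release"), Path(tmp, "theme", "lib")
        for d in (release, bundled):
            d.mkdir(parents=True)
            (d / "class-activation.php").write_text("<?php // library code\n")
            (d / "readme.txt").write_text("Version 1.0\n")
        # The bundled copy differs: one file changed, one added, one removed.
        (bundled / "class-activation.php").write_text("<?php // library code\n// extra\n")
        (bundled / "helper.php").write_text("<?php // not in release\n")
        (bundled / "readme.txt").unlink()
        return compare_to_vetted(build_manifest(release), bundled)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

An empty result in all three lists means the bundled copy is byte-identical to the vetted release, so only the theme's own code needs a full review.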