[theme-reviewers] Guidance on theme security

Chip Bennett chip at chipbennett.net
Wed Oct 20 15:07:22 UTC 2010


On Wed, Oct 20, 2010 at 10:00 AM, Edward Caissie
<edward.caissie at gmail.com> wrote:

> Something to keep in mind with the adoption of the current version of
> WordPress is the stigmatism attached to a 'point-zero' release.
>
> For the most part, the average user is easily swayed to believe that a
> point-zero release is buggy and not a great idea to upgrade to so they wait
> for the 'point-one' release.  I use the term "average user" for the simple
> sake most users do not appreciate or understand the version numbering
> process used in WordPress.
>
> If I wasn't involved as much as I am I would likely also consider myself
> one of those "average users" in thinking that 3.0 should be a wait and see
> unless you enjoy using buggy software (BTW, I think a lot of the blame can
> be attributed to nacin, or the good folk in that Washington state city
> *grin* ).
>
> I think once WP3.1 is released and given a (possibly short) reasonable
> amount of time to be implemented we will start to see installations skewed
> much more towards 3.0+ than what we are seeing now.
>

Then WordPress needs better education about its versioning methodology.
"Major" releases for WordPress are X.Y. "Point" releases are "X.Y.Z". So,
even those wary of dot-zero releases should all have updated when the
dot-zero-dot-one version was released.

In the WordPress world, 3.1 would be no more or less inherently buggy than
3.0. (And IMHO major WP releases tend not to be terribly buggy to begin
with.)

>
> As to backward compatibility in the Theme repository, IMHO one full version
> 30-60 days after one full release is about as far as would be needed. That
> gives authors the ability to address what needs to be changed (if anything)
> and minimizes the impact on the Theme Review process. Of course, this is
> related to the discussions that have been on-going for months regarding the
> Theme repository in general.
>
So you're leaning toward no backward-compatibility support beyond one prior
major version?

I can live with that. It's probably the best we'll be able to do.

(And yes, it is balanced against and related to - though not conflicting
with - our previous discussions regarding when to require current-version
support.)

Chip