[theme-reviewers] Guidance on theme security

Chip Bennett chip at chipbennett.net
Wed Oct 20 15:52:44 UTC 2010

I don't see how it conflicts with core philosophies. We're not talking *all*
Themes, but rather only talking in the context of Themes hosted by the
official WordPress Theme Repository.

Do we *really* want the official WordPress Theme Repository to be
facilitating users not keeping their WordPress installs up-to-date?

Old versions of Themes and Plugins are readily available for those who
choose not to update core. So, nothing here would be preventing them from
their update-avoidance. I just don't think we should be *helping* them to
that end.


On Wed, Oct 20, 2010 at 10:37 AM, Andrew Nacin <wp at andrewnacin.com> wrote:

> On Wed, Oct 20, 2010 at 11:15 AM, Edward Caissie <edward.caissie at gmail.com
> > wrote:
>> On Wed, Oct 20, 2010 at 11:07 AM, Chip Bennett <chip at chipbennett.net>wrote:
>>> So you're leaning toward no backward-compatibility support beyond one
>>> prior major version?
>>> I can live with that. It's probably the best we'll be able to do.
>> In a perfect world, yes, but we all know the world is imperfect. How we
>> implement a minimal to no backward-compatibility approach is going to be the
>> real challenge; more so than the actual time-frame we work out.
> That's the exact opposite of our core philosophies though. If they want to
> support back to the end of time, I don't see why we need to prevent them
> from doing so. Not our problem and it should not make theme reviews harder.
> If this is about deprecated functions, then they should be surrounding
> things in function_exists checks, so proper functions get run when they are
> available. If the upload script catches such functions, then it's still not
> our problem. That's the solution, really... Don't worry about it, and let
> the upload script bark at them.
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20101020/674649e5/attachment.htm>

More information about the theme-reviewers mailing list