[theme-reviewers] Where is the line?

Chip Bennett chip at chipbennett.net
Sun Jun 26 02:31:10 UTC 2011


Just to set a couple of meaningful scope parameters:

1) This is the *Theme* review list, and the Theme Review Team is tasked with
reviewing *Themes*. We are simple folk, and try to work within the
boundaries of our commission. Thus, any question or statement that begins
with, "But Plugins do/don't..." or "But why can/can't Plugins..." is going
to be out of scope. We have zero control over the Plugin submission/approval
process; and quite frankly, we have enough on our hands just dealing with
Themes.

2) The fopen() question is above our pay grade. That decision goes higher up
than the Theme Review Team members, and we merely enforce that decision. It
has also been debated ad nauseam on this list already. Suffice it to say: at
least until we get notice otherwise, that decision is not going to change.

I don't want to discount any of your questions or issues; however, I *do*
want to help ensure that discussion continues in a productive direction.

Chip

On Sat, Jun 25, 2011 at 8:57 PM, Bruce Wampler <brucewampler at gmail.com> wrote:

> I've read some comments that well implemented shared hosting sites don't
> have a problem with file ownership, which seems to be at the heart of the
> fopen issue.
>
> So, out of curiosity, why is it OK for the standard WP media library loader
> to upload files and have them owned by apache and not the user? Why doesn't
> it insist on using FTP as necessary? Seriously, why not?
>
> Why should themes be held to a higher standard than a fundamental part of
> WP - the media library?
>
> And in the big picture of the WP world, why have security issues taken over
> theme submission, when there are no controls whatsoever for plugins? The
> simple answer is that you have to start somewhere, but why are theme authors
> bearing the brunt of the issue? Why do I have to spend hours and hours of my
> (volunteer) time to understand the confusing WP file library, and then
> rewriting hundreds of lines of perfectly good code that uses fopen handles
> in creative ways (like to easily switch between file output and "echo"
> output with the same code), when many of the most popular plugins are
> subject to absolutely no reviews or standards whatsoever? If security is
> such an issue, then I suggest at least a little energy be diverted to
> getting control of plugins.
>
> --
> -----------
> Bruce Wampler, Ph.D.
>
> Software developer
> Creator of first spelling checker for a PC
> Creator of Grammatik(tm), first true grammar checker
> e-mail: bw at brucewampler.com
> blog: brucewampler.wordpress.com
>