[theme-reviewers] WPORG: Support: Claim of a number of backdoored themes in Repo

Chip Bennett chip at chipbennett.net
Wed Apr 25 16:16:27 UTC 2012


Hold that thought. There may be some...internal discussions being conducted
along those lines. :)

Chip

On Wed, Apr 25, 2012 at 11:05 AM, Kirk Wight <kwight at kwight.ca> wrote:

> That's great! I agree with Cais, it really shows the value of these
> reviews.
>
> Has there ever been a proposed pruning, similar to what happened with
> plugins last year (assuming we even have the mandate to do that)? Maybe
> setting a two year cutoff, and reviewing older stuff to see if some themes
> should actively be removed? It would seem a simple way to up the overall
> quality of the repo (although we would need to give proper warning,
> allowing affected developers time to update their themes if they so choose).
>
> Thoughts?
>
>
> On 25 April 2012 11:56, Edward Caissie <edward.caissie at gmail.com> wrote:
>
>> Good Work, Amy! ... and definitely yet another justification for the
>> process and guidelines we use.
>>
>>
>> Cais.
>>
>>
>>
>> On Wed, Apr 25, 2012 at 11:50 AM, Amy Hendrix <sabreuse at gmail.com> wrote:
>>
>>> I had a bit of time so I went through the list he posted --
>>>
>>> - Only one theme is available in the directory, and that was a false
>>> positive (same filename, but a completely different "helpers" file
>>> from the others on the list).
>>> - Two were themes that reviewers caught, rejected, and reported to
>>> wp.org at the time they were reviewed,
>>> - The rest were from before there was a review process, and none of
>>> them would pass review now.
>>>
>>> I think that's a nice indication that our process has made a big
>>> difference in the quality of what gets out there!
>>>
>>> On Wed, Apr 25, 2012 at 10:35 AM, Amy Hendrix <sabreuse at gmail.com> wrote:
>>> > Yeah, I suspect that "helpers.php" is an exploit that someone is using
>>> > somewhere -- exactly because it's such a generic-looking filename --
>>> > but it's also used as a name for a perfectly innocent helper function
>>> > library by other themes.
>>> >
>>> >
>>> > On Wed, Apr 25, 2012 at 10:32 AM, Chip Bennett <chip at chipbennett.net> wrote:
>>> >> I replied, and "ottolook" tagged the topic. (If code is to be removed from
>>> >> SVN, Otto is the one to do it.)
>>> >>
>>> >> The OP definitely found some malicious code, but some of the referenced
>>> >> Themes don't have malicious code, as far as I can tell.
>>> >>
>>> >> Thanks,
>>> >>
>>> >> Chip
>>> >>
>>> >>
>>> >> On Wed, Apr 25, 2012 at 9:12 AM, esmi at quirm dot net <esmi at quirm.net> wrote:
>>> >>>
>>> >>>
>>> >>>
>>> >>> <http://wordpress.org/support/topic/backdoored-templates-on-themessvnwordpressorg>
>>> >>>
>>> >>> Mel
>>> >>> --
>>> >>> http://quirm.net
>>> >>> http://blackwidows.co.uk
>>> >>> _______________________________________________
>>> >>> theme-reviewers mailing list
>>> >>> theme-reviewers at lists.wordpress.org
>>> >>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers