[theme-reviewers] TGM plugin activation

Chip Bennett chip at chipbennett.net
Wed Nov 14 00:06:58 UTC 2012


That's definitely part of the problem; but, hopefully the uploader script
and Theme Check would still catch the vast majority of malicious code if
someone tried to inject such.

A way to compare diffs would be helpful, but implementation is at the mercy
of our available infrastructure. (Translation: we just don't have any way
to implement that now, or any time soon.)

On Tue, Nov 13, 2012 at 5:56 PM, Kirk Wight <kwight at kwight.ca> wrote:

> If these libraries are merely vetted rather than fully reviewed each time,
> couldn't authors (the naughty ones, not all of us!) just bury nasty stuff
> in the library somewhere and claim it's one of the vetted versions? Hm,
> answering my own question, as long as the reviewer does a quick diff or
> something to the released version, it would still save time.
>
> I love the idea, particularly as someone that isn't comfortable doing a
> full code review on class-heavy, OO programming (which a lot of libraries
> are).
>
>
> On 13 November 2012 18:48, Chip Bennett <chip at chipbennett.net> wrote:
>
>> If the code itself is in the Theme, then the code must be reviewed.
>>
>> Hopefully, one day in the far future, we may have a way of vetting code
>> libraries (such as frameworks, or scripts such as this one); but for now,
>> unfortunately, we don't have any feasible way of vetting.
>>
>> If anyone has any ideas, we'd love to hear them. For example: we could
>> start a static page on the Make/Theme site, listing vetted/approved code
>> libraries, the version reviewed, and the date reviewed/approved.
>>
>> Thanks,
>>
>> Chip
>>
>>
>> On Tue, Nov 13, 2012 at 5:44 PM, Bryce Adams <brycead at gmail.com> wrote:
>>
>>> I use this in a lot of my themes. It's by Thomas Griffin who is a very
>>> well known/established developer. I doubt a full review of the code in it
>>> is needed, but perhaps just a few developers/reviews on this list should
>>> confirm whether or not it's okay to use it in wp.org themes.
>>>
>>> --
>>> Bryce Adams
>>>
>>> On Wednesday, 14 November 2012 at 10:40 AM, Kirk Wight wrote:
>>>
>>> Has anyone come across themes submitted using this library:
>>> http://tgmpluginactivation.com/ ?
>>>
>>> It's a library that allows a theme to suggest or require plugins on
>>> activation (both from extend/plugins and private repos). Its benefits are
>>> obvious, but a theme review including this library would necessitate a full
>>> review of the code to which it links.
>>>
>>> Perhaps we'd consider allowing it as long as plugins are only
>>> recommended instead of required, and only from extend/plugins?
>>>
>>> I'm asking, of course, because it would be great to start suggesting it
>>> (or something similar) to theme devs that are including functionality like
>>> shortcodes, etc. in themes. Also because, well, I might want to use it
>>> myself :)
>>>
>>> Thoughts?
>>> _______________________________________________
>>> theme-reviewers mailing list
>>> theme-reviewers at lists.wordpress.org
>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
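
The quick diff against the released version that Kirk Wight suggests above can be automated as a per-file hash comparison. This is an added example, not code from the thread or from the library's author; the directory layout, the file names and the function names (`manifest`, `compare`, `is_clean`, `demo`) are assumptions, and the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest(root):
    """Map each file's POSIX-style relative path to its SHA-256 hex digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare(vetted, bundled):
    """Report files that are modified, added or missing in the bundled copy."""
    v, b = manifest(vetted), manifest(bundled)
    return {
        "modified": sorted(f for f in v.keys() & b.keys() if v[f] != b[f]),
        "added": sorted(b.keys() - v.keys()),
        "missing": sorted(v.keys() - b.keys()),
    }


def is_clean(report):
    """True only when the bundled copy is byte-identical to the vetted release."""
    return not any(report.values())


def demo():
    """Build a constructed vetted release and an altered bundled copy, then compare."""
    with tempfile.TemporaryDirectory() as tmp:
        vetted, bundled = Path(tmp, "vetted"), Path(tmp, "theme", "lib")
        for d in (vetted, bundled):
            (d / "languages").mkdir(parents=True)
            (d / "class-example-library.php").write_text("<?php // constructed body\n")
            (d / "languages" / "lib.pot").write_text('msgid ""\n')
        # Constructed differences: one edited file, one extra file, one removed file.
        tampered = bundled / "class-example-library.php"
        tampered.write_text(tampered.read_text() + "// line not in the vetted release\n")
        (bundled / "languages" / "extra.php").write_text("<?php // not in the release\n")
        (bundled / "languages" / "lib.pot").unlink()
        return compare(vetted, bundled)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(kind, files)
```

Take the vetted copy from the library's own release archive, never from the submission under review. Any non-empty list means the differing files in the bundled copy still need a full review.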