[wp-meta] [Making WordPress.org] #2114: Possible abuse on popular themes list based on active installs

Making WordPress.org noreply at wordpress.org
Thu Oct 6 11:06:57 UTC 2016 

#2114: Possible abuse on popular themes list based on active installs
-----------------------------+------------------
 Reporter:  acosmin          |       Owner:
     Type:  defect           |      Status:  new
 Priority:  low              |   Milestone:
Component:  Theme Directory  |  Resolution:
 Keywords:                   |
-----------------------------+------------------
Changes (by dd32):

 * priority:  high => low


Comment:

 I'll refer this off to [https://core.trac.wordpress.org/ticket/14179
 #14179 on Core trac].
 The only solution here is to adjust how core theme update notifications
 are done, if an alteration is made there, then this will flow through to
 the active install counts for themes (and likewise for plugins),

 It's well documented that at present theme updates are based purely on the
 theme slug (folder name), and for Plugins although it's based on more data
 points, at the end of the day it's based almost purely upon the plugin
 slug (folder name) and plugin header name.

 The ideal solution for this is to include a unique header/UUID/hash in the
 headers to base update notifications off (as suggested in
 [https://core.trac.wordpress.org/ticket/10814 Core #10814] and others).

 I'd argue that TRT should probably reject theme names which are already
 used in the wild, primarily to prevent the unexpected update notifications
 from existing themes to the new w.org hosted theme.
 If this was something the TRT is interested in, I could hook up something
 to determine that based on our existing stat engines and report it, say if
 100+ sites in the wild already use that name. However that gets murky when
 you consider many themes are live in the wild via the authors site for
 months before approval on w.org, and it'll also significantly reduce the
 number of usable theme names (Hint: all the good ones are taken, with
 millions of theme names in the wild).

 Marking `low` as to be honest, this is something we've known about for 7+
 years and never made a move on, marking this as a duplicate of one of the
 core tickets is also an option.

--
Ticket URL: <https://meta.trac.wordpress.org/ticket/2114#comment:5>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org

More information about the wp-meta mailing list