[wp-meta] [Making WordPress.org] #4634: Add new status for updated themes and prevent them being set live automatically
Making WordPress.org
noreply at wordpress.org
Sun Jul 28 09:32:02 UTC 2019
#4634: Add new status for updated themes and prevent them being set live
automatically
-----------------------------+-------------------------------------
Reporter: dingo_d | Owner: (none)
Type: enhancement | Status: new
Priority: high | Milestone:
Component: Theme Directory | Keywords: needs-patch 2nd-opinion
-----------------------------+-------------------------------------
Currently, theme updates aren't checked by the review team. So,
technically, a user could create an ok theme, pass the review and his
theme would be set live. Then they could modify the theme to include some
forbidden things (obtrusive upselling, demo xml in the theme or some
tracking code even), and we would be none the wiser, since updates are
closed and set live automatically.
This is a potential security risk.
In addition to that, we have a problem with themes that haven't been
updated for over 2 years. Once you update them, they are set live, but
don't show in any of the current trac queues
(https://themes.trac.wordpress.org/report), and are not actually
searchable (https://meta.trac.wordpress.org/ticket/2939), or set live
(they need to be manually checked and approved probably from the admin
area by reviewers with proper clearance - not 100% sure how this is done,
TRT admins would know more).
A proposal is to add a new status for those themes. Maybe `updated` or
something similar, so that the reviewers could pay more attention to these
(seeing diffs).
More input from the TRT is welcomed, but we should implement this asap.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/4634>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list