[wp-trac] [WordPress Trac] #14179: Theme asking to update (theme with same name on WordPress.org)

WordPress Trac noreply at wordpress.org
Thu Jul 20 17:24:27 UTC 2017 

#14179: Theme asking to update (theme with same name on WordPress.org)
----------------------------+----------------------------
 Reporter:  design_dolphin  |       Owner:
     Type:  defect (bug)    |      Status:  new
 Priority:  normal          |   Milestone:  WordPress.org
Component:  Themes          |     Version:
 Severity:  normal          |  Resolution:
 Keywords:                  |     Focuses:
----------------------------+----------------------------

Comment (by earnjam):

 Thinking more about it, while I like the idea in theory of a per-version
 theme/plugin hash for full backwards compatibility and addressing all of
 the issues with the current system (including the "controversies" over
 developers gaming the popular themes algorithm), I'm not sure it's really
 the best option.

 The process of generating the hashes for all the themes/plugins on .org
 would be a tremendous undertaking for a (relatively) small benefit and
 just wouldn't happen. Not to mention the extra complexity added to the
 update API, and the possibility of a user making a tiny edit to the
 theme/plugin header, screwing up their hash value and breaking update
 checks.

 The related tickets have two other much simpler options suggested.

 #23318 has a suggestion to include a GUID in the theme/plugin header. That
 basically just further specifies what to look for on the API side. It puts
 the onus on the developers to add, but could be verified as part of the
 submission/upload process before getting published, so everything on .org
 would have one.

 #32101 suggests adding a private flag to prevent update checks from
 occurring at all. Again, onus there is on the developers of external
 themes/plugins to add, but it would be even simpler than the GUID.

 Both of those make preventing bad auto-updates easy, and would help
 "verify" true installs on the API side. They don't, solve the problems for
 older themes/plugins, but would stop the problems going forward and be far
 simpler to implement. You're much more likely to get some traction on
 either of those options.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/14179#comment:31>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list