[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: wordpress packages

On Monday 07 May 2007 21:08, Bernd Zeimetz <bernd@bzed.de> wrote:
> imho the wordpress packaging should be changed in a way to allow the
> user to drop their plugins/themes into /var/lib/wordpress/../ instead of
> trying to package plugins and themes.

Making it a configuration option to allow the user to install plugins and 
themes would be a reasonable thing to do.  But packaging commonly used 
plugins and themes would be much more useful to most sys-admins.

> Due to the nature of php and 
> wordpress, the code is hard to maintain in general, and many plugins are
> a mess of code and often they open security related holes in your WP
> installation. Maintaining a collection of plugins for WP sounds like a
> nightmare for me.

This is precisely why you want to have a set of packaged plugins which have 
some minimal quality standards!

I am not a PHP programmer so I can't audit the code for security issues.  I 
can however test the cost to make sure that it works and package it so that 
the files end up in the correct locations, data files that are created with 
the correct permissions to allow Apache to access them, and that 
configuration is not overly difficult.

Getting the entire collection of Wordpress plugins (or any significant 
sub-set) audited for security issues seems quite unlikely.  Getting a smaller 
collection of plugins which are packaged for Debian audited in such a manner 
would be much easier and therefore much more likely.

I don't think that I am the ideal person to maintain such packages, but 
someone has to do it and I'm prepared to make a start.  I would be happy to 
give the packages to someone with more PHP experience if asked.

http://etbe.coker.com.au/          My Blog

http://www.coker.com.au/sponsorship.html Sponsoring Free Software development

Reply to: