Re: wordpress packages

On Monday 07 May 2007 21:08, Bernd Zeimetz <bernd@bzed.de> wrote:
> imho the wordpress packaging should be changed in a way to allow the
> user to drop their plugins/themes into /var/lib/wordpress/../ instead of
> trying to package plugins and themes.

Making it a configuration option to allow the user to install plugins and 
themes would be a reasonable thing to do.  But packaging commonly used 
plugins and themes would be much more useful to most sys-admins.

> Due to the nature of php and 
> wordpress, the code is hard to maintain in general, and many plugins are
> a mess of code and often they open security related holes in your WP
> installation. Maintaining a collection of plugins for WP sounds like a
> nightmare for me.

This is precisely why you want to have a set of packaged plugins which have 
some minimal quality standards!

I am not a PHP programmer so I can't audit the code for security issues.  I 
can however test the code to make sure that it works and package it so that 
the files end up in the correct locations, data files are created with 
the correct permissions to allow Apache to access them, and that 
configuration is not overly difficult.

Getting the entire collection of Wordpress plugins (or any significant 
sub-set) audited for security issues seems quite unlikely.  Getting a smaller 
collection of plugins which are packaged for Debian audited in such a manner 
would be much easier and therefore much more likely.

I don't think that I am the ideal person to maintain such packages, but 
someone has to do it and I'm prepared to make a start.  I would be happy to 
give the packages to someone with more PHP experience if asked.

