Earlier this year, representatives from the themes team and meta Meta is a term that refers to the inside workings of a group. For us, this is the team that works on internal WordPress sites like WordCamp Central and Make WordPress. team had a call together with Matt and Josepha. This set a new goal and action points for improving the theme submission process.
Meeting notes February 24, 2021
Next steps on themes and reviews
Increase the number of installed themes that originate from the WordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ theme directory.
- Reduce requirements.
- Improve automated tools.
- Move the manual review step to after a theme is added to the theme directory.
- Add user facing flags for theme quality based on the result of the automated checks.
- Add a new algorithm for the theme directory that prioritizes themes based on the flags.
- A local development environment with the theme directory to make it easier to contribute.
- Make it easier to submit themes.
Summary of what has been achieved so far
During quarter three (Q3), the focus has been on automated tools and reducing requirements.
As of October 4, the review process still includes a manual step before a theme is added to the theme directory. Before the manual review can be moved, an automated license check must be implemented, and the security checks must be analyzed.
The requirements have been reduced to a list of 13 items. This list will be reduced further when the order of the review process is updated.
- Theme Review Action has been implemented on the themes Trac Trac is the place where contributors create issues for bugs or feature requests much like GitHub.https://core.trac.wordpress.org/. and is used to present results from e2e and integration tests of the theme.
- Theme Check plugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party (which is also used on the themes Trac) has been updated to reduce the requirements and improve error messages.
- A local environment for the theme directory is available at https://github.com/WordPress/theme-directory-env
- A plan for allowing themes to be submitted via SVN Apache Subversion (often abbreviated SVN, after its command name svn) is a software versioning and revision control system. Software developers use Subversion to maintain current and historical versions of files such as source code, web pages, and documentation. Its goal is to be a mostly compatible successor to the widely used Concurrent Versions System (CVS). WordPress core and the wordpress.org released code are all centrally managed through SVN. https://subversion.apache.org/. has been published.
- Work on the user-facing badges or flags, and the new algorithm has not started.
Further reducing requirements and improving automated tools
One goal, with reducing the requirements and improve the automated tools, is to reach the point where authors can safely add themes to the directory without manual review.
The current review process
- A logged-in user submits a zip file.
- Automated review.
- Manual review.
- The theme is added to the theme directory manually.
What we aim to change the process to
- A logged-in user submits a zip file or uploads a theme via SVN.
- Automated review.
- The theme is added to the directory automatically.
- Results of the remaining automated tests are presented as flags or badges.
- Manual review after user reports, spot-checking.
The automated review at step 2 is proposed to make sure that:
- The theme is secure.
- The theme is GPL GPL is an acronym for GNU Public License. It is the standard license WordPress uses for Open Source licensing https://wordpress.org/about/license/. The GPL is a ‘copyleft’ license https://www.gnu.org/licenses/copyleft.en.html. This means that derivative work can only be distributed under the same license terms. This is in distinction to permissive free software licenses, of which the BSD license and the MIT License are widely used examples. compatible.
- The WordPress trademark is respected.
- The theme does not break the theme directory or theme previewer.
Because engagement is understandably low because of covid, I decided to list the easy, or if you prefer, low conflict and non-controversial requirements first, publish a proposal from that and then iterate.
To decide which requirements to remove, I used the list of guard rails and looked at the impact of removing the requirement on the theme directory itself and theme quality.
I used a public GitHub repository to create an overview of the requirements and to present suggestions of requirements that could be removed. There was no engagement besides those directly involved in the project.
A proposal for reduced requirements and request for feedback was published on the Themes team Make blog on July 20. The team had a zoom call with theme authors to discuss the changes.
With the result of the request for feedback, two more requirements were reduced.
@dd32 created a new Slack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/. channel called #themereview-firehose to help the themes team representatives keep track of which requirements are preventing themes from being uploaded. This type of statistics was not available before.
There are two main tools:
Theme Review Action uses Theme Check, and results from both tools are presented to the theme author and reviewer.
GitHub GitHub is a website that offers online implementation of git repositories that can can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/ was used to document what is actually checked by the automated tools, compared to what was listed on the theme requirements page on WordPress.org.
Besides the work on updating and creating new checks and tests, time was put into removing discrepancies.
@dufresnesteven created an improved table that lists the requirements in different categories. This helped us gain a better overview of the requirement as they were iterated on. We are using the table to list which tool is used to check which requirement.
I would like to add that I expect the requirements to be reduced further if the themes team can find a way to engage more people in the conversation.
To help theme authors adjust to the new less restrictive requirements, I propose that the themes team publishes more in-depth articles to clarify the changes.
My analysis is that three more steps are needed to reach the point where authors can safely add themes to the directory without manual review:
- Determine if the security checks are enough, and if not, learn what still needs to be added.
- GPL license confirmation
- The PHP error check in Theme Review Action must prevent theme upload, to prevent the theme previewer from breaking.