Old themes not in WordPress core 5.1 are installed with roots/wordpress

[noelspringer]

Themes currently installed with WP core 5.1 from both wordpress.org and the johnpbloch/wordpress composer package are:

• twentysixteen
• twentyseventeen
• twentynineteen

Themes installed with roots/wordpress include the above three themes as well as the old themes twentyeleven through to twentyfifteen.

[QWp6t]

This repo installs releases from the official wordpress/wordpress repo.

[LeoColomb]

Actually @noelspringer is right. And I'm not sure zip archives from mirrored git repo releases are the official distribution zips. It seems to be more that ones: https://wordpress.org/download/releases/.

[noelspringer]

Aha i see that repo includes the older themes. Curious though since the official WordPress releases don't include them.

Could the older themes have been removed from the official releases for security reasons?

[LeoColomb]

@noelspringer I guess old themes are kept in the sources for maintenance, but removed when building archives for distribution.

[noelspringer]

Makes sense Leo. Thanks

[retlehs]

let's start figuring out some options on what we can do to remove the old themes that aren't typically distributed with wordpress

[LeoColomb]

@retlehs One option available to exclude default and old themes is downloading "no-content" build from WordPress.org repo:

https://downloads.wordpress.org/release/wordpress-{$version}-no-content.zip

PS: I've setup my own WordPress-composer repo where with "no-content" option, but I would like to configure a complete org with all the different available options.

[austinpray]

@LeoColomb eventually we will finish https://github.com/roots/wordpress-packager which will allow releasing all three packages

• wordpress.org zip
• wordpress.org no-content zip
• git mirror

[LeoColomb]

@austinpray That would be awesome, indeed 🙂 Let me know if I can help

[austinpray]

Looking at getting this fixed ASAP since this behavior triggers a security notice.

If anyone has time to experiment: it might be as simple as just adding some more metadata to the package to blacklist those old themes? https://getcomposer.org/doc/04-schema.md#archive

Also as far as rollout: pretty sure it's safe to assume that people will not mind if these themes disappear the next time they bump the roots/wordpress version?

[strarsis]

+1 for this! Having less unused files is always good.

[retlehs]

https://packagist.org/packages/roots/wordpress-no-content is now available to use, fyi!

props to @LeoColomb and @swalkinshaw for their work on the new composer wordpress packages via https://github.com/roots/wordpress-packager