[wp-meta] [Making WordPress.org] #5509: Notify users of changes to plugin ownership

Making WordPress.org noreply at wordpress.org
Mon Nov 16 20:01:52 UTC 2020 

#5509: Notify users of changes to plugin ownership
------------------------------+--------------------
 Reporter:  ianatkins         |      Owner:  (none)
     Type:  defect            |     Status:  new
 Priority:  normal            |  Milestone:
Component:  Plugin Directory  |   Keywords:
------------------------------+--------------------
 I've experienced a few plugins change ownership and it's really not clear
 as a user, developer and maintainer of sites when that has happened.

 Whilst having a plugin continue to be developed is admirable - I do think
 it would be wise to inform users of that change, for the following
 reasons:

 1. There might be privacy policy changes that have impacts on what data is
 shared and how it is shared. Legally depending on location this may have
 to communicated to end users ( under GDPR etc ).

 2. The plugin may change direction or add features that were not
 originally included or required under the stewardship of the prior owner.
 ( Whilst this won't become clear until later down the line, at least
 informing users of the ownership change would make it clear as to why said
 changes are happening ).

 3. The plugin may have changed hands to a developer or development house
 that a user knows isn't as reliable as the previous owner. ( Not to name
 names, but there's a few developers I don't touch after various
 maintenance / quality nightmares in the past ).

 In my case the plugin that made me raise this ticket was Members,
 originally by Justin Tadlock. Now it's a marketing entry point to
 MemberPress and features various paid add-ons and upgrades when the
 original plugin was a lightweight developer toolkit for editing
 capabilities.

 Personally would suggest the change of ownership be notified by:

 1. Adding a requirement for the first release under new ownership to add a
 notification to the admin area, linking to the new developers privacy
 policy.

 2. Adding a requirement for the plugin to re-validate consent to share
 data ( if it's doing so ).

 3. Adding a notification to the plugin page on the wordpress.org directory
 page. ( It took me a while to work out why a once reliable plugin was
 veering so far in a new direction and I couldn't remember if the current
 developer was indeed the original developer. Slight moment of user
 gaslighting!) Whilst I try and keep track of who develops what, over 100s
 of plugins and 100s of sites, this would be much easier for the plugin
 page to communicate.

 Speaking to the plugin team, you do currently review change of ownership
 of plugins - so hopefully these things could be easily implemented in part
 by a change of policy.

-- 
Ticket URL: <https://meta.trac.wordpress.org/ticket/5509>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org

More information about the wp-meta mailing list