[wp-meta] [Making WordPress.org] #286: Setup SVN pre-commit hooks to enforce plugin guidelines
Making WordPress.org
noreply at wordpress.org
Mon Jan 20 21:39:45 UTC 2014
#286: Setup SVN pre-commit hooks to enforce plugin guidelines
------------------------+-------------------------------
Reporter: iandunn | Owner:
Type: enhancement | Status: new
Priority: normal | Component: Plugins Directory
Keywords: |
------------------------+-------------------------------
@raanan shared an article about 3rd parties
[http://blogs.wsj.com/digits/2014/01/19/google-removes-two-chrome-extensions-amid-ad-uproar/ purchasing Chrome extensions in bad faith]
and then adding inappropriate ads without informing the users, and asked if
the WordPress.org repository was vulnerable to this.
That made me wonder about setting up a pre-commit hook to scan for malware
(assuming there's a good open-source malware database to check commits
against). That would also protect against situations where a developer's
account is compromised.
It also made me wonder if we couldn't also automatically enforce some of
the plugin guidelines.
* Embedding offsite images/etc
* Missing `License` header
* More than 12 terms in `Tags` header
* Commit frequency
* Capital P
There could be some situations that are suspicious but not always
inappropriate, so we might want to send an e-mail to the Plugin Review
Team, but not automatically block the commit.
* Calls to `base64_decode()` or `eval()` could be obfuscated code or
malware.
Is it worth the effort? Is there a good way to gracefully handle false
positives?
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/286>
Making WordPress.org <https://meta.trac.wordpress.org/>
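The two-tier behaviour the ticket asks for (hard guideline violations reject the commit, merely suspicious patterns only queue a review e-mail) sketched as an added example; this is not code from the ticket or from WordPress.org, and it covers three of the listed checks (missing `License` header, more than 12 `Tags`, calls to `base64_decode()`/`eval()`). The `check_commit()` input format and the sample plugin files are constructed for illustration; a real SVN hook would obtain the contents with `svnlook cat -t TXN REPO PATH`.

```python
import re
import sys

MAX_TAGS = 12
# Legitimate in some plugins but also typical of obfuscated or injected code,
# so a hit is sent to the Plugin Review Team instead of blocking the commit.
SUSPICIOUS_CALL = re.compile(r"\b(base64_decode|eval)\s*\(")


def plugin_header(php_source):
    """Parse 'Key: Value' lines from the plugin's top-of-file header comment."""
    m = re.search(r"/\*.*?\*/", php_source, re.S)
    if not m:
        return {}
    return dict(re.findall(r"^\s*\*?\s*([A-Za-z ]+?):\s*(.+?)\s*$", m.group(0), re.M))


def readme_tags(readme):
    """Return the comma-separated entries of the readme.txt 'Tags:' line."""
    m = re.search(r"^Tags:\s*(.*)$", readme, re.M)
    if not m:
        return []
    return [t.strip() for t in m.group(1).split(",") if t.strip()]


def check_commit(files):
    """files maps repository path -> file contents (assumed format).
    Returns findings split into 'block' (reject) and 'review' (e-mail only)."""
    findings = {"block": [], "review": []}
    for path, content in files.items():
        if path.endswith(".php"):
            header = plugin_header(content)
            if header.get("Plugin Name") and not header.get("License"):
                findings["block"].append(f"{path}: missing License header")
            for m in SUSPICIOUS_CALL.finditer(content):
                line = content.count("\n", 0, m.start()) + 1
                findings["review"].append(f"{path}:{line}: call to {m.group(1)}()")
        elif path.endswith("readme.txt"):
            n = len(readme_tags(content))
            if n > MAX_TAGS:
                findings["block"].append(f"{path}: {n} tags (max {MAX_TAGS})")
    return findings


SAMPLE_COMMIT = {  # constructed sample files, not a real plugin
    "example-plugin/trunk/example-plugin.php": (
        "<?php\n/*\nPlugin Name: Example Plugin\nVersion: 1.0\n*/\n"
        "$code = base64_decode($blob);\neval($code);\n"),
    "example-plugin/trunk/readme.txt": (
        "=== Example ===\nTags: " + ", ".join(f"tag{i}" for i in range(13)) + "\n"),
}

if __name__ == "__main__":
    result = check_commit(SAMPLE_COMMIT)
    for severity, msgs in result.items():
        for msg in msgs:
            print(f"[{severity}] {msg}", file=sys.stderr)
    sys.exit(1 if result["block"] else 0)  # non-zero exit rejects the SVN txn
```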