[wp-meta] [Making WordPress.org] #286: Setup SVN pre-commit hooks to enforce plugin guidelines

Making WordPress.org noreply at wordpress.org
Mon Jan 20 21:39:45 UTC 2014

#286: Setup SVN pre-commit hooks to enforce plugin guidelines
Reporter:  iandunn      |      Owner:
    Type:  enhancement  |     Status:  new
Priority:  normal       |  Component:  Plugins Directory
Keywords:               |
 @raanan shared an article about 3rd parties
 extensions-amid-ad-uproar/ purchasing Chrome extensions in bad faith] and
 then adding inappropriate ads without informing the users, and asked if
 the WordPress.org repository was vulnerable to this.

 That made me wonder about setting up a pre-commit hook to scan for malware
 (assuming there's a good ope-source malware database to check commits
 against). That would also protect against situations where a developer's
 account is compromised.

 It also made me wonder if we couldn't also automatically enforce some of
 the plugin guidelines.

 * Embedding offsite images/etc
 * Missing `License` header
 * More than 12 terms in `Tags` header
 * Commit frequency
 * Capital P

 There could be some situations that are suspicious but not always
 inappropriate, so we might want to send an e-mail to the Plugin Review
 Team, but not automatically block the commit.

 * Calls to `base64_decode()` or `eval()` could be obfuscated code or

 Is it worth the effort? Is there a good way to gracefully handle false

Ticket URL: <https://meta.trac.wordpress.org/ticket/286>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org

More information about the wp-meta mailing list