[wp-meta] [Making WordPress.org] #5351: Plugin Security - Notify plugin committers when a new committer is added
Making WordPress.org
noreply at wordpress.org
Wed Aug 5 08:02:16 UTC 2020
#5351: Plugin Security - Notify plugin committers when a new committer is added
------------------------------+--------------------
Reporter: dd32 | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Plugin Directory | Keywords:
------------------------------+--------------------
To ensure that plugin authors are aware of what's happening with the
plugin they're a committer for, we should email existing committers when a
new committer is added to a plugin they're a committer for.
The list of committers for a plugin is fairly hidden, and unless an author
was to actually look at the list, it's impossible to know that another
user has been added until they receive a commit notification.
This would primarily prevent a compromised account being used to add a
committer.
Suggested Email that needs some wording work:
{{{
From: WordPress Plugins <plugins at ...>
Subject: New Committer added to {$plugin_name}
G'Day {$user_login}!
{$new_committer} has been added as a committer to {$plugin_name} by
{$committer_who_added_user}.
The following people now have write-access to {$plugin_name}:
* {$me}
* {$myself}
* {$you}
You can manage this list at {$url}.
If you believe this was in error or didn't perform this action yourself,
please contact the Plugins Team immediately and ensure that your password
is secure.
-- WordPress Plugins Team
}}}
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/5351>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list