[wp-meta] [Making WordPress.org] #5351: Plugin Security - Notify plugin committers when a new committer is added

Making WordPress.org noreply at wordpress.org
Wed Aug 5 08:02:16 UTC 2020


#5351: Plugin Security - Notify plugin committers when a new committer is added
------------------------------+--------------------
 Reporter:  dd32              |      Owner:  (none)
     Type:  enhancement       |     Status:  new
 Priority:  normal            |  Milestone:
Component:  Plugin Directory  |   Keywords:
------------------------------+--------------------
 To ensure that plugin authors are aware of what's happening with the
 plugin they're a committer for, we should email existing committers when a
 new committer is added to a plugin they're a committer for.

 The list of committers for a plugin is fairly hidden, and unless an author
 was to actually look at the list, it's impossible to know that another
 user has been added until they receive a commit notification.

 This would primarily prevent a compromised account being used to add a
 committer.

 Suggested Email that needs some wording work:
 {{{
 From: WordPress Plugins <plugins at ...>
 Subject: New Committer added to {$plugin_name}

 G'Day {$user_login}!

 {$new_committer} has been added as a committer to {$plugin_name} by
 {$committer_who_added_user}.

 The following people now have write-access to {$plugin_name}:
  * {$me}
  * {$myself}
  * {$you}

 You can manage this list at {$url}.

 If you believe this was in error or didn't perform this action yourself,
 please contact the Plugins Team immediately and ensure that your password
 is secure.

 -- WordPress Plugins Team
 }}}

-- 
Ticket URL: <https://meta.trac.wordpress.org/ticket/5351>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org


More information about the wp-meta mailing list