[wp-meta] [Making WordPress.org] #5352: Plugin Security - Add email confirmation prior to releases being processed

Making WordPress.org noreply at wordpress.org
Thu Aug 6 18:15:41 UTC 2020

#5352: Plugin Security - Add email confirmation prior to releases being processed
 Reporter:  dd32              |       Owner:  (none)
     Type:  enhancement       |      Status:  new
 Priority:  normal            |   Milestone:
Component:  Plugin Directory  |  Resolution:
 Keywords:                    |

Comment (by Ipstenu):

 I'm sitting on the fence about disallowing 'trunk' as a stable version. I
 (personally) laud it. I'm also aware that people like to dev how they like
 to dev.

 > Thankfully only 15% of plugins with >= 100k active installs use trunk,
 but that's still not a small number.

 We have ~57k active plugins at the moment. How many of those (raw numbers)
 use trunk?

 My gut tells me we should make it by steps.

 1. Write something for developer/plugins that explains why you don't use
 2. If you use TRUNK as stable, you get alerts/warnings on every commit. An
 email "Hi, using TRUNK for your stable release is not recommended [link to
 article we need to write]"
 3. If you use TRUNK as stable you see (when you visit your plugin page) a
 warning about using trunk.
 4. Make a make/plugins post about trunk, and give a time-frame for no more
 5. Email everyone left using trunk with a link to the article and the
 6. On the date, stop allowing trunk

 We can also say "disable auto updates for plugins using trunk as stable"
 though I don't know if the API (as is) is robust enough to handle that.
 It's something we should consider.

Ticket URL: <https://meta.trac.wordpress.org/ticket/5352#comment:14>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org

More information about the wp-meta mailing list