[wp-meta] [Making WordPress.org] #5868: Improve checks on non-viable plugin names to prevent abuse
Making WordPress.org
noreply at wordpress.org
Thu Aug 19 02:54:13 UTC 2021
#5868: Improve checks on non-viable plugin names to prevent abuse
------------------------------+---------------------
Reporter: Ipstenu | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Plugin Directory | Resolution:
Keywords: |
------------------------------+---------------------
Comment (by dd32):
> And that doesn't really touch on how to prevent abuse after approval :(
We use SVN so that would need someone with amazing SVN chops to dig into.
I think we can work around this by simply applying the trademark term
blocks during the import from svn stage too.
I'm imagining something like:
- ACME is registered trademark, only @acme.org emails are authorised.
- XYZ is rejected for the plugin 'acme-widgets', gets approved once they
rename to 'Block Widgets for ACME theme' (please disregard any existing
trademark requirements for this example)
- SVN Commit 1 with 'Block Widgets for ACME Theme' (v1) is imported
- SVN Commit 2 with 'Block Widgets for ACME Theme By XYZ Team' (v2) is
imported
- SVN Commit 3 with 'ACME Block Widgets By XYZ Team' (v3) is then
commited, and we simply don't ever import that SVN commit. Maybe we email
the author at this point along the lines of "Commit 3 has been skipped by
the plugin directory due to failing to meet the automated trademark terms.
Please review <link> and contact plugins at wordpress.org if you believe this
is in error."
At that point, the problematic plugin will remain live as 'Block Widgets
for ACME Theme By XYZ Team' (v1) and the problematic new version 'ACME
Block Widgets By XYZ Team' (v3) remains unreleased / unseen by the
WordPress ecosystem, other than for the svn commit.
I see two ways to which trademarks would be allowed to be used in this
scenartio:
1. The existing ''owner email'' allowance list for the term. I think this
is the defacto obvious only case we really need to support.
2. We add a field in wp-admin, editable by plugin reviewers, which defined
the list of terms that the author / trademark owner has stated the plugin
may use. For example, Let's say ACME & XYZ come to an agreement to jointly
name the plugin as 'ACME Widgets', they could transfer it to an
`@acme.org` email address, or the plugins team could add 'ACME' as a
authorised trademark term to the plugin metadata?.
I'm suggesting #2 as instinctively think there's going to be edge-cases
and grandfathered uses that are allowed, but maybe I'm wrong, and I'm over
thinking it, and the email allowance is simply enough. Especially since
'agreements' for one company to use a term to another can be rescinded at
any time and is one of the reasons for the hardline trademark rules we
have, to limit the amount of work the reviewers team have to spend on
legal requests/threats.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/5868#comment:6>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list