[wp-meta] [Making WordPress.org] #5868: Improve checks on non-viable plugin names to prevent abuse

Making WordPress.org noreply at wordpress.org
Thu Aug 19 02:54:13 UTC 2021

#5868: Improve checks on non-viable plugin names to prevent abuse
 Reporter:  Ipstenu           |       Owner:  (none)
     Type:  enhancement       |      Status:  new
 Priority:  normal            |   Milestone:
Component:  Plugin Directory  |  Resolution:
 Keywords:                    |

Comment (by dd32):

 > And that doesn't really touch on how to prevent abuse after approval :(
 We use SVN so that would need someone with amazing SVN chops to dig into.

 I think we can work around this by simply applying the trademark term
 blocks during the import from svn stage too.

 I'm imagining something like:
  - ACME is registered trademark, only @acme.org emails are authorised.
  - XYZ is rejected for the plugin 'acme-widgets', gets approved once they
 rename to 'Block Widgets for ACME theme' (please disregard any existing
 trademark requirements for this example)
  - SVN Commit 1 with 'Block Widgets for ACME Theme' (v1) is imported
  - SVN Commit 2 with 'Block Widgets for ACME Theme By XYZ Team' (v2) is
  - SVN Commit 3 with 'ACME Block Widgets By XYZ Team' (v3) is then
 commited, and we simply don't ever import that SVN commit. Maybe we email
 the author at this point along the lines of "Commit 3 has been skipped by
 the plugin directory due to failing to meet the automated trademark terms.
 Please review <link> and contact plugins at wordpress.org if you believe this
 is in error."

 At that point, the problematic plugin will remain live as 'Block Widgets
 for ACME Theme By XYZ Team' (v1) and the problematic new version 'ACME
 Block Widgets By XYZ Team' (v3) remains unreleased / unseen by the
 WordPress ecosystem, other than for the svn commit.

 I see two ways to which trademarks would be allowed to be used in this
 1. The existing ''owner email'' allowance list for the term. I think this
 is the defacto obvious only case we really need to support.
 2. We add a field in wp-admin, editable by plugin reviewers, which defined
 the list of terms that the author / trademark owner has stated the plugin
 may use. For example, Let's say ACME & XYZ come to an agreement to jointly
 name the plugin as 'ACME Widgets', they could transfer it to an
 `@acme.org` email address, or the plugins team could add 'ACME' as a
 authorised trademark term to the plugin metadata?.

 I'm suggesting #2 as instinctively think there's going to be edge-cases
 and grandfathered uses that are allowed, but maybe I'm wrong, and I'm over
 thinking it, and the email allowance is simply enough. Especially since
 'agreements' for one company to use a term to another can be rescinded at
 any time and is one of the reasons for the hardline trademark rules we
 have, to limit the amount of work the reviewers team have to spend on
 legal requests/threats.

Ticket URL: <https://meta.trac.wordpress.org/ticket/5868#comment:6>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org

More information about the wp-meta mailing list