[wp-meta] [Making WordPress.org] #6511: Bring back the active install growth chart

Making WordPress.org noreply at wordpress.org
Sat Oct 8 13:26:02 UTC 2022 

#6511: Bring back the active install growth chart
------------------------------+---------------------
 Reporter:  markzahra         |       Owner:  (none)
     Type:  enhancement       |      Status:  new
 Priority:  high              |   Milestone:
Component:  Plugin Directory  |  Resolution:
 Keywords:                    |
------------------------------+---------------------

Comment (by jegstudio):

 Replying to [comment:4 markzahra]:
 > Replying to [comment:3 johnjamesjacoby]:
 >
 > Hi John, I'd like to clarify a few things from your reply since it's
 left me with more questions than answers, unfortunately.
 >
 > > See also [https://meta.trac.wordpress.org/ticket/3016#comment:12 this
 comment] from @mnelson4 on 3018:
 > >
 > > > I assume this was a closed-door security or privacy decision taken
 by a larger group than just the committer.
 > >
 > > This assumption is correct. 💯
 >
 > What is this confirmation based on? Were you part of the group or are
 aware of who formed part of that group, or is your confirmation based on
 something else?
 >

 as someone who recently just got released from suspension, and also got a
 review report rejected by @Otto42, I do not have the intention to defend
 Automattic or people who work behind meta team. But i can confirm that
 it's true if there is a security hole on active install. anyone can
 inflate any plugin active install, and it must be huge problem for plugin
 repository.

 Active install count relies on user input. and it's possible to alter the
 behavior & response. WordPress team should really consider hiding active
 install from the public and make it private. having those data publicly
 (active install & growth) causes more harm than good in my opinion,
 especially if WordPress cannot really trust the data from the user. its
 also invite people to attack other people plugin by leaving bad review if
 they feel threatened by other plugin growth. Those data should only be
 accessible for private and provide no reward for having high active
 install (for example on search).

 btw. we are not suspended because of this issue. and even if we can
 inflate plugin active install, we won't do that for our benefit.

 I'm pro to make those data private only for plugin owner (active install &
 growth) and provide no benefit for active install count.

-- 
Ticket URL: <https://meta.trac.wordpress.org/ticket/6511#comment:91>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org

More information about the wp-meta mailing list