[wp-trac] [WordPress Trac] #16898: Fix plugins about page license requirement
WordPress Trac
wp-trac at lists.automattic.com
Wed Feb 29 16:07:35 UTC 2012
#16898: Fix plugins about page license requirement
--------------------------------+----------------------------
Reporter: scribu | Owner:
Type: feature request | Status: new
Priority: normal | Milestone: WordPress.org
Component: WordPress.org site | Version:
Severity: normal | Resolution:
Keywords: |
--------------------------------+----------------------------
Comment (by Otto42):
Replying to [comment:46 Rarst]:
> Note that repository rules say that "All images and scripts shown should
be part of the plugin". I think this is rule even more obscure and less
policed than license one, but still it there and trying to fetch things
from elsewhere is technically breaking it.
We actually try to enforce that one very strictly. Pulling JS code from
another site is a no-no because it's a security issue.
We do make exceptions for the brain-dead obvious stuff. A Facebook plugin
can use JS code from Facebook servers. A Twitter plugin can use JS code
from Twitter servers. That sort of obviousness is okay.
What isn't okay is when a plugin includes JS code from some random server
we've never heard of, or a server which is tied back to the plugin author,
and there's seemingly no reason for doing so, or there's no reason that
the code couldn't be included in the plugin itself. This is basically an
attempt to do an end run around our spot checking for security issues,
since the author can change the JS on the fly and compromise any sites
running said plugin.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/16898#comment:47>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list