[wp-trac] [WordPress Trac] #16778: wordpress is leaking user/blog information during wp_version_check()
WordPress Trac
noreply at wordpress.org
Thu Oct 5 15:50:52 UTC 2017
#16778: wordpress is leaking user/blog information during wp_version_check()
----------------------------+------------------------------
Reporter: investici | Owner:
Type: enhancement | Status: reopened
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version:
Severity: minor | Resolution:
Keywords: has-patch | Focuses:
----------------------------+------------------------------
Comment (by javorszky):
Can someone from the core team tell me why exactly adding a simple filter
gets pushback for years? It's backwards compatible, it doesn't affect
people who don't care about it, and it would make people who do care about
it happier.

I understand the need to do a different upgrade path for sites that are
too large, but as it was indicated earlier, that information has never
been used. Essentially this is preoptimisation, which is not something you
should do in software to begin with, certainly not in a project that
powers 1/4 of the internet.

Can members of the core dev team also tell us how many features that are
in WordPress core today started with them being a plugin? Why were
those brought in? Why wasn't the argument that "oh, there's a plugin that
already does that" used then?

Then there are the examples of other projects dealing with the issue
differently (better):

Ghost - https://github.com/TryGhost/Ghost/pull/3064 (issue where this was
discussed) and https://github.com/TryGhost/Ghost/blob/master/PRIVACY.md
(current version of the documentation)

npm - https://github.com/npm/policies/blob/master/privacy.md

piwik - https://github.com/piwik/piwik/issues/6196

Not only that, Ghost offers the ability to turn off updates / gravatars /
google fonts, etc, because each and every one of them is leaking
personally identifiable information (no, I'm not interested in debating
how that information is personally identifiable, that's been established
in other tickets / in blog posts, etc).

So... why is WordPress unwilling to START adopting something resembling a
privacy conscious development flow?

Or to be less confrontational: what needs to happen for WordPress to start
adopting something resembling a privacy conscious development flow?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/16778#comment:96>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform