[wp-trac] [WordPress Trac] #48486: Add compliance tab to plugin repository pages on WordPress.org

WordPress Trac noreply at wordpress.org
Sun Dec 8 22:11:18 UTC 2019 

#48486: Add compliance tab to plugin repository pages on WordPress.org
-------------------------+-------------------------------------------------
 Reporter:  katwhite     |       Owner:  (none)
     Type:  feature      |      Status:  new
  request                |
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  Plugins      |     Version:  5.3
 Severity:  normal       |  Resolution:
 Keywords:               |     Focuses:  accessibility, docs, privacy,
                         |  coding-standards
-------------------------+-------------------------------------------------

Comment (by Ipstenu):

 I want to toss in one more note.

 We've got a LOT of disparate aspects of this in one ticket. This is huge.
 So I suggest everyone start smaller.

 What do we NEED? What do we WANT?

 We **need** a dedicated TAB where Developers can put information regarding
 what their plugin does, what data it calls remotely (i.e. fonts and APIs),
 what data it SENDS (APIs again), and links to privacy/ToS so people can be
 informed before they install and use a plugin.

 We **need** to make this easy (or else no one will use it) and not prone
 to fits of creativity (or it will be too confusing and useless to end
 users).

 We **need** this to be simple.

 Right now it's way too big a concept, spread out over the whole place, to
 be that.

 So step back. What's the basic START we can have?

 Dream big, yes, think about all the wants like something like the block
 scanner that scrapes everything that calls remote data. But accept that
 the inherent nature of plugins (that is, they are there to do ANYTHING)
 will make any sort of scanner impossible to be 100% accurate.

 That means no matter WHAT we do, we're relying on humans. So lets make
 this easier for humans.

 If you wanted to do it outside of WP, you'd have a form someone filled in
 with the information:

 * Use fonts - yes/no. If yes, link to font library (i.e. google,
 FontAwesome)
 * Use external API - yes/no. If yes, link to the API and it's ToS

 Maybe this could be as easy as more headers in the readme.txt, and we
 teach the checker to see "IF fonts are set to TRUE, then REQUIRE the
 links."

 Follow that up with scripting a readme validator into the plugin uploader
 (sorry @tellyworth and @Otto42 ) and maybe throw in an SVN scan for it on
 plugin update. Readme doesn't validate? No update for you!

 Of course people will just leave things out, but that's a heck of a lot
 easier to close and tell them "Hey, you didn't document." In fact, it's
 the same as it is today, with a little more automation.

 But start with "We need this tab, and we need a quick and easy format for
 people to follow."

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/48486#comment:20>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list