[wp-trac] [WordPress Trac] #48486: Add compliance tab to plugin repository pages on WordPress.org

WordPress Trac noreply at wordpress.org
Mon Dec 9 17:45:13 UTC 2019


#48486: Add compliance tab to plugin repository pages on WordPress.org
-------------------------+-------------------------------------------------
 Reporter:  katwhite     |       Owner:  (none)
     Type:  feature      |      Status:  new
  request                |
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  Plugins      |     Version:  5.3
 Severity:  normal       |  Resolution:
 Keywords:               |     Focuses:  accessibility, docs, privacy,
                         |  coding-standards
-------------------------+-------------------------------------------------

Comment (by Ipstenu):

 @carike Keeping discussions in ONE place will make it easier for everyone
 to follow along and reduce the loss of comments. It's recommended we
 either use this, or the official GitHub, but we strongly discourage the
 use of personal git repos. I've been guilty of it in the past, but it
 tends to cause confusion about what's official and what's not. You're
 welcome to copy stuff over, of course, but things should be here, with the
 same readme uploaded as a file for people to look at.  :)

 There's nothing bad about a readme, it just has flaws. To be clear, so
 will any automated testing/scanning we invent. We're going to need both.

 But those are actually separate projects.

 THIS TICKET is to add a COMPLIANCE TAB to the WP.org plugin page.

 Full stop, okay?

 We need to define what that means, in PLAIN LANGUAGE, so it can be readily
 understood by as many people as possible.

 I recommend a SECOND ticket for "Automated scanning of external services
 to be included on the wp.org page".

 In THAT ticket we can discuss what needs to be looked for, and how it
 should be generated.

 But I want to stress, these are NOT the same thing. Conflating it all into
 one will make this impossible to achieve. And we absolutely need BOTH.

 Now I remember one of the early concerns is that the info should be in the
 plugin as well as the repo page. And we don't want to duplicate effort
 (otherwise people just ... won't).

 The only alternative I can think of is a JSON file that gets read by the
 .org repo.

 @tellyworth is that even possible? If not, we're stuck with the readme. If
 SO, let's use this ticket to work on the best and easiest way to have a
 json or xml file, with a standard name that goes in the MAIN folder of a
 plugin, and will be used to generate the privacy tab.

 Yes, that will be manual effort by developers, but then in the OTHER
 ticket (which I think @carike should make, since they have a clearer
 vision of this) we can talk about auto-generating data in that tab, like
 we do for blocks. Combined, that will be our best bet at getting people
 informed.

 Bonus? If you see a plugin has a lot of external calls without any
 explanations from that json/xml/whatever file, you can alert people :)

 Third (future) step would be AFTER we have that scanner, incorporate it
 into the plugin uploader and/or SVN to stop abuse before it happens. But
 that's down the road a long ways.

 Achievable steps.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/48486#comment:22>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

