[wp-trac] [WordPress Trac] #48486: Add compliance tab to plugin repository pages on WordPress.org
WordPress Trac
noreply at wordpress.org
Mon Dec 9 17:45:13 UTC 2019
#48486: Add compliance tab to plugin repository pages on WordPress.org
-----------------------------+---------------------------------------------
 Reporter:  katwhite         |       Owner:  (none)
     Type:  feature request  |      Status:  new
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  Plugins          |     Version:  5.3
 Severity:  normal           |  Resolution:
 Keywords:                   |     Focuses:  accessibility, docs, privacy,
                             |               coding-standards
-----------------------------+---------------------------------------------
Comment (by Ipstenu):
@carike Keeping discussions in ONE place will make it easier for everyone
to follow along and reduce the loss of comments. It's recommended we
either use this, or the official GitHub, but we strongly discourage the
use of personal git repos. I've been guilty of it in the past, but it
tends to cause confusion about what's official and what's not. You're
welcome to copy stuff over, of course, but things should be here, with the
same readme uploaded as a file for people to look at. :)

There's nothing bad about a readme, it just has flaws. To be clear, so
will any automated testing/scanning we invent. We're going to need both.
But those are actually separate projects.

THIS TICKET is to add a COMPLIANCE TAB to the WP.org plugin page.

Full stop, okay?

We need to define what that means, in PLAIN LANGUAGE, so it can be readily
understood by as many people as possible.

I recommend a SECOND ticket for "Automated scanning of external services
to be included on the wp.org page"

In THAT ticket we can discuss what needs to be looked for, and how it
should be generated.

But I want to stress, these are NOT the same thing. Conflating it all into
one will make this impossible to achieve. And we absolutely need BOTH.

Now I remember one of the early concerns is that the info should be in the
plugin as well as the repo page. And we don't want to duplicate effort
(otherwise people just ... won't).

The only alternative I can think of is a json file that gets read by the
.org repo.

@tellyworth is that even possible? If not, we're stuck with the readme. If
SO, let's use this ticket to work on the best and easiest way to have a
json or xml file, with a standard name that goes in the MAIN folder of a
plugin, and will be used to generate the privacy tab.

Yes, that will be manual effort by developers, but then in the OTHER
ticket (which I think @carike should make, since they have a clearer
vision of this) we can talk about auto-generating data in that tab, like
we do for blocks. Combined, that will be our best bet at getting people
informed.

Bonus? If you see a plugin has a lot of external calls without any
explanations from that json/xml/whatever file, you can alert people :)

Third (future) step would be AFTER we have that scanner, incorporate it
into the plugin uploader and/or SVN to stop abuse before it happens. But
that's down the road a long ways.

Achievable steps.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/48486#comment:22>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
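
The "bonus" check described in the comment above, comparing a plugin's external calls against the explanations in its declaration file, sketched as an added example that is not part of the original message or of any WordPress.org code. The manifest schema (`external_services`, `host`, `purpose`), the host names and the plugin snippets are all constructed assumptions; only the `wp_remote_*` / `wp_safe_remote_*` function names are real WordPress HTTP API helpers.

```python
import json
import re
from urllib.parse import urlparse

# Hypothetical manifest: the schema is an assumption, not a WordPress.org format.
MANIFEST = json.loads("""
{"external_services": [
  {"host": "api.example-payments.test", "purpose": "Processes checkout payments"},
  {"host": "fonts.example-cdn.test", "purpose": ""}
]}
""")

# Constructed plugin source files, for illustration only.
PLUGIN_SOURCE = {
    "checkout.php": "<?php $r = wp_remote_post( 'https://api.example-payments.test/v1/charge', $args );",
    "stats.php": "<?php wp_remote_get( \"https://metrics.example-tracker.test/ping?site=\" . $site );",
    "fonts.php": "<?php wp_remote_get( 'https://fonts.example-cdn.test/css' );",
}

# Literal URL passed as the first argument to a WordPress HTTP API helper.
CALL_RE = re.compile(
    r"""wp_(?:safe_)?remote_(?:get|post|head|request)\s*\(\s*['"](https?://[^'"]+)['"]"""
)

def declared_hosts(manifest):
    """Map host -> purpose, keeping only entries that carry an explanation."""
    out = {}
    for entry in manifest.get("external_services", []):
        host = str(entry.get("host", "")).strip().lower()
        purpose = str(entry.get("purpose", "")).strip()
        if host and purpose:  # an empty purpose does not count as explained
            out[host] = purpose
    return out

def called_hosts(sources):
    """Map host -> sorted list of files that contact it via a literal URL."""
    found = {}
    for path, code in sources.items():
        for url in CALL_RE.findall(code):
            host = (urlparse(url).hostname or "").lower()
            if host:
                found.setdefault(host, set()).add(path)
    return {host: sorted(paths) for host, paths in found.items()}

def unexplained_calls(manifest, sources):
    """Hosts the code contacts that the manifest does not explain."""
    declared = declared_hosts(manifest)
    return {h: f for h, f in called_hosts(sources).items() if h not in declared}

print(unexplained_calls(MANIFEST, PLUGIN_SOURCE))
```

This only sees URLs written as string literals at the call site; URLs assembled from variables or options need the fuller scanner the comment defers to a second ticket.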