[wp-trac] [WordPress Trac] #49072: Move readme.html & license.txt out of project root (maybe into Uploads?)
WordPress Trac
noreply at wordpress.org
Mon Dec 23 23:13:06 UTC 2019
#49072: Move readme.html & license.txt out of project root (maybe into Uploads?)
-----------------------------+-----------------------------
Reporter: johnjamesjacoby | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Keywords:
Focuses: |
-----------------------------+-----------------------------
On the majority of WordPress installations, it is possible to navigate to
2 files that are outside of the control of PHP:
* https://nacin.com/license.txt
* https://nacin.com/readme.html
One could argue that it is a good thing these files are visible; that the
GPL license is something worth sharing at the root, or that the Famous 5
Minute Install is still an idea worth promoting.
However, it is not uncommon to re/move these files, or otherwise obscure
them via other means (server configurations, running WordPress in a
subdirectory, etc...)
* https://ma.tt/license.txt
* https://wordpress.com/license.txt
* https://wordpress.org/license.txt
All of the immediately above URLs do not work, and result in a 404 page.
----
Some folks recommend removing these files as a security precaution, though
I'm not confident this ultimately protects from very much.
Some folks delete these files from their internal WordPress forks simply
to reduce their maintenance footprint, particularly when they do not need
to distribute their changes.
Ultimately though, I have always considered these files to be assets that
belong ''inside'' of WordPress, not ''outside'' of it. `license.txt` is
important to the person who downloaded and installed it, not to any
visitor of the site, and the same can be said about `readme.html`. That's
why, I believe, these assets would be better served as part of the Default
Site Content, specifically inside the Media Library.
I'm imagining that, upon a successful installation, these files would be
moved out of the root of the installation, and into corresponding Media
Attachments, as the very first 2 files in the Media Library.
* This helps promote the ideologies of the GPL to end users, and hopefully
forces us to consider how valuable the content inside of `readme.html`
really is these days (it still links to Planet, IRC, the Codex, and a
number of other deprecated locations.)
* This helps users familiarize themselves with what kinds of files can
exist inside the Media Library (`.html` is not an allowed file type, so
this would likely need a total rethink, maybe a `.txt` file is
sufficient?)
The reason I'm including the proposed solution above, is because I think
these files still need to exist in the root as part of the pre-
installation experience. Once installed, though, these files become
invisibly burdensome on the web server, as they are untracked in PHP and
rarely changing in the WordPress project.
This is another one of those far-out JJJ ideas that I'm not expecting much
serious traction on, but I do think would be a welcome improvement to the
overall WordPress installation process. Other OSS projects do something
similar with their own bundled assets (NextCloud, GitLab, etc...) so this
is not a completely new idea.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/49072>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list