[wp-trac] [WordPress Trac] #51092: Create a JSON schema for Privacy and Other Related Disclosures

WordPress Trac noreply at wordpress.org
Mon Aug 31 07:29:27 UTC 2020


#51092: Create a JSON schema for Privacy and Other Related Disclosures
----------------------------------+--------------------------------
 Reporter:  carike                |       Owner:  (none)
     Type:  enhancement           |      Status:  new
 Priority:  normal                |   Milestone:  5.6
Component:  Privacy               |     Version:  trunk
 Severity:  normal                |  Resolution:
 Keywords:  needs-privacy-review  |     Focuses:  rest-api, privacy
----------------------------------+--------------------------------
Description changed by carike:

Old description:

> **Background:**
>
> The Disclosures Tab is an initiative that is underway in the Core Privacy
> Team.
> The aim is to help site owners / admins better understand what
> information their site (plugins, themes and Core) collects, where the
> information is stored and where it is sent - and in particular, who it is
> shared with.
> We hope to help site owners / admins make more informed privacy choices
> (e.g. when choosing which plugin to install) and to better understand
> their risk profile when it comes to privacy.
> For the most part, the actual "controlling" is planned for a sibling
> plugin, the Permissions Tab, which is not currently intended to be merged
> into Core, as this will contain more advanced settings.
> You can read more about the various privacy initiatives here:
> https://make.wordpress.org/core/2020/08/19/minutes-core-privacy-meeting-19-august-2020/
>
> **The Challenge:**
>
> Free-form disclosures in the readme.txt would create a lot of additional
> work for the plugins review team.
> Moreover, it makes it near impossible to compare across plugins, or to
> use the information in any sort of automated process.
> The Disclosures Tab seeks to standardize the way that plugin, theme
> authors and Core can disclose privacy and other related concerns to site
> owners / admins, by creating quasi-"headers" and limiting the acceptable
> values for each.
>
> **The Solution:**
>
> Each plugin, theme and core component can have a file called
> disclosures.json that could be read by Core (and Meta) using relatively
> simple REST API functionality.
>
> In its current form, the JSON schema does not set any fields as
> "required".
> As URLs are not one of the six data types accepted by JSON, these types
> have been set as "string"s.
> The format for internal URLs has been set to "uri-reference" to allow for
> relative URLs.
> Items are not marked as "uniqueItems" because we would rather warn (after
> validation in PHP) than reject the file because of duplicates.
>
> **Scope:**
>
> This ticket proposes the schema.
> [] will be created for the validation of the schema by Core (particularly
> the URLs using PHP).
> [] will be created for internationalization (WP CLI and WordPress.org).
> #51156 creates developer documentation.
> #51144 proposes a UI for site-level privacy disclosures and related
> settings.
>
> {{{#!php
> <?php
> {
>    "$schema": "https://core.trac.wordpress.org/ticket/51092",
>    "$id": "https://example.com/to.be.filled.in.later.disclosures.json",
>    "description": "The vision of the Disclosures Tab is for site
> administrators to understand their site's privacy risk profile and to
> make more informed privacy-related choices as a result. The mission of
> the Disclosures Tab is to help site administrators understand what
> information their site collects, where it is stored and where it is sent
> - and in particular, with whom it is shared.",
>    "type": "object",
>    "properties": {
>       "info": {
>          "description": "This section provides information to help
> identify the code.",
>          "type": "object",
>          "properties": {
>             "component": {
>                "description": "One of the following values: plugin,
> theme, or the specific Core component (e.g. avatar).",
>                "type": "string"
>             },
>             "slug": {
>                "description": "The slug, if the code relates to a plugin
> or a theme.",
>                "type": "string"
>             },
>             "version": {
>                "description": "Which version of disclosures.json this
> represents for the individual component.",
>                "type": "string"
>             },
>             "since": {
>                "description": "The plugin or theme's version number, or
> the Core version, if the component is a Core component, which introduced
> the current version of this disclosures.json file. I.e. this should
> represent the since value.",
>                "type": "string"
>             }
>          }
>       },
> }}}
>
> {{{#!php
> <?php
>       "licenses": {
>          "description": "This section contains more information about
> licensing.",
>          "type": "object",
>          "properties": {
>             "code": {
>                "description": "A comma-separated list of URLs linking to
> the licenses that apply to this component (plugin, theme, or Core
> component)'s use.",
>                "type": "array",
>                "items": {
>                   "type": "string",
>                   "format": "uri"
>                }
>             },
>             "localAssets": {
>                "description": "A comma-separated list of URLs to the
> license that applies to the use of each asset that has been included
> locally. This should include the license of any bundled libraries, as
> well as the licenses of any images, fonts, etc.",
>                "type": "array",
>                "items": {
>                   "type": "string",
>                   "format": "uri"
>                }
>             },
>             "remoteAssets": {
>                "description": "A comma-separated list of URLs to the
> licenses that apply to the use of each asset that is accessed remotely.
> This should include the licenses of any external libraries, as well as the
> licenses of any images, fonts, etc.",
>                "type": "array",
>                "items": {
>                   "type": "string",
>                   "format": "uri"
>                }
>             }
>          }
>       },
> }}}
>
> {{{#!php
> <?php
>       "external": {
>          "description": "This section provides more information relating
> to the Privacy Policies of the external network sites being called.",
>          "type": "object",
>          "properties": {
>             "PHP": {
>                "description": "A comma-separated list of URLs of links to
> the respective Privacy Policies of the sites to which the external
> network calls are being made in PHP.",
>                "type": "array",
>                "items": {
>                   "type": "string",
>                   "format": "uri"
>                }
>             },
>             "JavaScript": {
>                "description": "A comma-separated list of URLs linking to
> the respective Privacy Policies of the sites to which the external
> network calls are being made in JavaScript.",
>                "type": "array",
>                "items": {
>                   "type": "string",
>                   "format": "uri"
>                }
>             },
>             "CSS": {
>                "description": "A comma-separated list of URLs linking to
> the respective Privacy Policies of the sites to which the external
> network calls are being made in CSS.",
>                "type": "array",
>                "items": {
>                   "type": "string",
>                   "format": "uri"
>                }
>             }
>          }
>       },
> }}}
>
> {{{#!php
> <?php
>       "terms": {
>          "description": "This section contains more information about
> third party terms and conditions that may apply to use of the software.",
>          "type": "object",
>          "properties": {
>             "SaaS": {
>                "description": "A comma-separated list of URLs linking to
> the Terms of Service of any instances of Software as a Service.",
>                "type": "array",
>                "items": {
>                   "type": "string",
>                   "format": "uri"
>                }
>             },
>             "externalAPIs": {
>                "description": "A comma-separated list of URLs linking to
> the Terms of Service of any external API being used.",
>                "type": "array",
>                "items": {
>                   "type": "string",
>                   "format": "uri"
>                }
>             },
>             "remoteAssets": {
>                "description": "A comma-separated list of URLs linking to
> the Terms of Service that applies to the use of each remote asset. This
> relates to the use of CDNs for images, fonts, etc.",
>                "type": "array",
>                "items": {
>                   "type": "string",
>                   "format": "uri"
>                }
>             },
>             "registration": {
>                "description": "A comma-separated list of URLs linking to
> the Terms of Service that apply to any accounts that need to be
> registered in order to be able to make use of this component's code.",
>                "type": "array",
>                "items": {
>                   "type": "string",
>                   "format": "uri"
>                }
>             }
>          }
>       },
> }}}
>
> {{{#!php
> <?php
>       "openWeb": {
>          "description": "Details about mechanisms that allow others to
> obtain information from the site without browsing the website's front
> end.",
>          "type": "object",
>          "properties": {
>             "apiEndpoints": {
>                "description": "A comma-separated list of relative URLs
> for any internal API endpoints that are created by the code.",
>                "type": "array",
>                "items": {
>                   "type": "string",
>                   "format": "uri-reference"
>                }
>             },
>             "feeds": {
>                "description": "A comma-separated list of relative URLs
> for any internal feeds that are created by the code.",
>                "type": "array",
>                "items": {
>                   "type": "string",
>                   "format": "uri-reference"
>                }
>             }
>          }
>       },
> }}}
>
> {{{#!php
> <?php
>       "clientSide": {
>          "type": "object",
>          "properties": {
>             "setsCookiesPHP": {
>                "description": "The names of any cookies that have been
> set using PHP.",
>                "type": "array",
>                "items": {
>                   "type": "string"
>                }
>             },
>             "setsCookiesJavaScript": {
>                "description": "The names of any cookies that have been
> set using JavaScript.",
>                "type": "array",
>                "items": {
>                   "type": "string"
>                }
>             },
>             "usesLocalStorage": {
>                "description": "Whether or not the code makes use of local
> storage.",
>                "type": "boolean"
>             }
>          }
>       },
> }}}
>
> {{{#!php
> <?php
>       "communication": {
>          "description": "This section provides more information about how
> the software communicates with external parties.",
>          "type": "object",
>          "properties": {
>             "email": {
>                "type": "object",
>                "properties": {
>                   "sends": {
>                      "description": "Whether or not the code sends
> e-mails.",
>                      "type": "boolean"
>                   },
>                   "subscribed": {
>                      "description": "Whether e-mails are only sent to
> users that have subscribed for that particular e-mail (e.g. a
> newsletter).",
>                      "type": "boolean"
>                   }
>                }
>             }
>          }
>       },
> }}}
>
> {{{#!php
> <?php
>       "database": {
>          "description": "This section contains information about how the
> software interacts with the site's database (MySQL or MariaDB).",
>          "type": "object",
>          "properties": {
>             "writesToDB": {
>                "description": "Whether or not the code writes to the
> database.",
>                "type": "object",
>                "properties": {
>                   "auto": {
>                      "type": "array",
>                      "items": {
>                         "description": "Whether or not the code writes to
> the database in relation to information that is not explicitly input by a
> user.",
>                         "type": "boolean"
>                      },
>                      "additionalItems": false
>                   },
>                   "manual": {
>                      "type": "array",
>                      "items": {
>                         "description": "Whether or not the code writes
> information to the database that was explicitly input by the user.",
>                         "type": "boolean"
>                      },
>                      "additionalItems": false
>                   }
>                }
>             },
>             "CPT": {
>                "description": "Whether the component creates any Custom
> Post Types.",
>                "type": "object",
>                "properties": {
>                   "auto": {
>                      "type": "array",
>                      "items": {
>                         "description": "Whether or not the code
> automatically creates any Custom Post Types without user intervention.",
>                         "type": "boolean"
>                      },
>                      "additionalItems": {
>                         "description": "The names of any Custom Post
> Types that are created automatically by the code without user
> intervention.",
>                         "type": "string"
>                      }
>                   },
>                   "manual": {
>                      "type": "array",
>                      "items": {
>                         "description": "Whether or not the code allows
> for users to generate Custom Post Types.",
>                         "type": "boolean"
>                      },
>                      "additionalItems": false
>                   }
>                }
>             },
>             "customTables": {
>                "description": "Whether or not the code creates any custom
> tables in the database.",
>                "type": "object",
>                "properties": {
>                   "auto": {
>                      "type": "array",
>                      "items": {
>                         "description": "Whether or not custom tables are
> automatically created by the code without user intervention.",
>                         "type": "boolean"
>                      },
>                      "additionalItems": {
>                         "description": "The names of any custom tables
> that are automatically created by the code without user intervention.",
>                         "type": "string"
>                      }
>                   },
>                   "manual": {
>                      "type": "array",
>                      "items": {
>                         "description": "Whether or not the code allows
> the user to create any custom tables.",
>                         "type": "boolean"
>                      },
>                      "additionalItems": false
>                   }
>                }
>             }
>          }
>       },
> }}}
>
> {{{#!php
> <?php
>       "otherStorage": {
>          "description": "Provides more information about where
> information may be stored, other than the database.",
>          "type": "object",
>          "properties": {
>             "writesToFiles": {
>                "description": "A comma-separated list of file types the
> code writes to (e.g. .txt).",
>                "type": "array",
>                "items": {
>                   "type": "string"
>                }
>             },
>             "fileStructure": {
>                "description": "Whether or not the code makes changes to
> the website's file structure.",
>                "type": "object",
>                "properties": {
>                   "auto": {
>                      "description": "Whether or not the code makes
> changes, or is capable of making changes, to the website's file structure
> that are not explicitly initiated by a user. This should not include
> files that are added directly from the repository, or in the original
> .zip file.",
>                      "type": "boolean"
>                   },
>                   "manual": {
>                      "description": "Whether or not the code makes
> changes, or is capable of making changes, to the website's file structure
> that are explicitly initiated by the user. This should not include files
> that are added directly from the repository, or in the original .zip
> file."
>                   }
>                }
>             }
>          }
>       },
> }}}
>
> {{{#!php
> <?php
>       "automation": {
>          "description": "Provides more information with regards to action
> taken by the code without user input.",
>          "type": "object",
>          "properties": {
>             "cron": {
>                "description": "Whether the code makes use of scheduled
> tasks that do not require user input.",
>                "type": "boolean"
>             }
>          }
>       },
> }}}
>
> {{{#!php
> <?php
>       "ppi": {
>          "description": "Whether or not the code stores any Protected
> Personal Information.",
>          "type": "boolean"
>       },
>       "compatibility": {
>          "description": "Indicates whether or not the code is compatible
> with Privacy Tools.",
>          "type": "object",
>          "properties": {
>             "ppiExport": {
>                "description": "Does the developer, in good faith,
> consider the code to be compatible with the PPI Export Tool in
> WordPress?",
>                "type": "array",
>                "items": [
>                   {
>                      "type": "boolean"
>                   }
>                ],
>                "additionalItems": false
>             },
>             "ppiErasure": {
>                "description": "Does the developer, in good faith,
> consider the code to be compatible with the PPI Erasure Tool in
> WordPress?",
>                "type": "array",
>                "items": [
>                   {
>                      "type": "boolean"
>                   }
>                ],
>                "additionalItems": false
>             },
>             "consentAPI": {
>                "description": "Does the developer, in good faith,
> consider the code to be compatible with the WordPress Consent API?",
>                "type": "array",
>                "items": [
>                   {
>                      "type": "boolean"
>                   }
>                ],
>                "additionalItems": false
>             },
>             "disclosuresTab": {
>                "description": "Does the developer, in good faith,
> consider the code to be compatible with the Disclosure Tab?",
>                "type": "array",
>                "items": [
>                   {
>                      "type": "boolean"
>                   }
>                ],
>                "additionalItems": false
>             },
>             "permissionsTab": {
>                "description": "Does the developer, in good faith,
> consider the code to be compatible with the Permissions Tab?",
>                "type": "array",
>                "items": [
>                   {
>                      "type": "boolean"
>                   }
>                ],
>                "additionalItems": false
>             }
>          }
>       },
> }}}
>
> {{{#!php
> <?php
>       "monetization": {
>          "type": "object",
>          "description": "This section provides more information about
> monetization practices. It is included to help facilitate transparency
> and fair business dealings. Please note that disclosure here does not
> relieve a developer from any specific obligations that they may have
> under applicable statutes.",
>          "properties": {
>             "upsells": {
>                "description": "More information about upselling in the
> code.",
>                "type": "array",
>                "items": [
>                   {
>                      "description": "Does this code promote a paid
> version, or extensions, or other products or services from the same
> author(s)?",
>                      "type": "boolean"
>                   }
>                ],
>                "additionalItems": {
>                   "description": "A comma-separated list of URLs linking
> to the Terms of Service that apply to any paid version, or extension, or
> other products or services from the same author(s).",
>                   "type": "string",
>                   "format": "uri"
>                }
>             },
>             "donations": {
>                "description": "More information about donations that are
> facilitated by the code.",
>                "type": "array",
>                "items": [
>                   {
>                      "description": "Does this code contain any request,
> or information in order to, donate to the plugin or its developer(s)?",
>                      "type": "boolean"
>                   }
>                ],
>                "additionalItems": {
>                   "description": "A comma-separated list of URLs linking
> to the Terms of Service that apply to the platform being used to
> facilitate donations.",
>                   "type": "string",
>                   "format": "uri"
>                }
>             },
>             "backLinks": {
>                "description": "More information about the code requesting
> credit.",
>                "type": "array",
>                "items": [
>                   {
>                      "description": "Does this code contain or generate,
> or ask the site owner / admin for permission to generate, backlinks?",
>                      "type": "boolean"
>                   }
>                ],
>                "additionalItems": {
>                   "type": "string",
>                   "format": "uri"
>                }
>             },
>             "affiliates": {
>                "description": "More information about affiliate networks
> that are promoted by the code.",
>                "type": "array",
>                "items": [
>                   {
>                      "description": "Does this code contain, or generate
> affiliate links - i.e. links from which the author may receive
> conditional compensation, whether in money, or in kind?",
>                      "type": "boolean"
>                   }
>                ],
>                "additionalItems": {
>                   "description": "A comma-separated list of URLs linking
> to the Terms of Service that apply to affiliate networks being promoted
> by the code.",
>                   "type": "string",
>                   "format": "uri"
>                }
>             },
>             "advertising": {
>                "description": "More information about advertising that is
> facilitated by the code.",
>                "type": "array",
>                "items": [
>                   {
>                      "description": "Does the code contain, or generate
> promotions or recommendations for any products or services not directly
> under the control of the author(s), for which the author(s) receive any
> compensation, whether in money, or in kind?",
>                      "type": "boolean"
>                   }
>                ],
>                "additionalItems": {
>                   "description": "A comma-separated list of URLs linking
> to the Terms of Service that apply to any products or services that are
> being advertised by the code.",
>                   "type": "string",
>                   "format": "uri"
>                }
>             }
>          }
>       }
>    }
> }
> }}}
>
> **Acknowledgements:**
>
> Thanks to Timothy for suggesting that we use a .json file instead of
> plugin and theme headers.
> Thanks to Swissspidy for information on i18n - see comment below.
> Thanks to Apedog for suggesting improved phrasing for the "external"
> property's description.

New description:

 **Background:**

 The Disclosures Tab is an initiative that is underway in the Core Privacy
 Team.
 The aim is to help site owners / admins better understand what information
 their site (plugins, themes and Core) collects, where the information is
 stored and where it is sent - and in particular, who it is shared with.
 We hope to help site owners / admins make more informed privacy choices
 (e.g. when choosing which plugin to install) and to better understand
 their risk profile when it comes to privacy.
 For the most part, the actual "controlling" is planned for a sibling
 plugin, the Permissions Tab, which is not currently intended to be merged
 into Core, as this will contain more advanced settings.
 You can read more about the various privacy initiatives here:
 https://make.wordpress.org/core/2020/08/19/minutes-core-privacy-meeting-19-august-2020/

 **The Challenge:**

 Free-form disclosures in the readme.txt would create a lot of additional
 work for the plugins review team.
 Moreover, it makes it near impossible to compare across plugins, or to use
 the information in any sort of automated process.
 The Disclosures Tab seeks to standardize the way that plugin, theme
 authors and Core can disclose privacy and other related concerns to site
 owners / admins, by creating quasi-"headers" and limiting the acceptable
 values for each.

 **The Solution:**

 Each plugin, theme and core component can have a file called
 disclosures.json that could be read by Core (and Meta) using relatively
 simple REST API functionality.

 In its current form, the JSON schema does not set any fields as
 "required".
 As URLs are not one of the six data types accepted by JSON, these types
 have been set as "string"s.
 The format for internal URLs has been set to "uri-reference" to allow for
 relative URLs.
 Items are not marked as "uniqueItems" because we would rather warn (after
 validation in PHP) than reject the file because of duplicates.

 **Scope:**

 This ticket proposes the schema.
 [] will be created for the validation of the schema by Core (particularly
 the URLs using PHP).
 [] will be created for internationalization (WP CLI and WordPress.org).
 #51156 creates developer documentation.
 #51144 proposes a UI for site-level privacy disclosures and related
 settings.
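
 Added example, not part of the ticket or of WordPress Core: one way the PHP-side check described above could treat the schema's URL lists, rejecting malformed entries but only warning on duplicates. The function names, the http/https-only rule for "uri" fields and the sample data are assumptions.

```php
<?php
declare(strict_types=1);

// URL-list properties and their "format", copied from the schema in this ticket.
const DISCLOSURE_URL_FIELDS = [
    'licenses' => ['code' => 'uri', 'localAssets' => 'uri', 'remoteAssets' => 'uri'],
    'external' => ['PHP' => 'uri', 'JavaScript' => 'uri', 'CSS' => 'uri'],
    'terms'    => ['SaaS' => 'uri', 'externalAPIs' => 'uri',
                   'remoteAssets' => 'uri', 'registration' => 'uri'],
    'openWeb'  => ['apiEndpoints' => 'uri-reference', 'feeds' => 'uri-reference'],
];

/** Hypothetical helper: returns null when $value is acceptable, else a reason. */
function disclosures_url_problem(string $value, string $format): ?string
{
    if ($value === '' || preg_match('/[\x00-\x20\x7f]/', $value)) {
        return 'empty, or contains whitespace or control characters';
    }
    $parts = parse_url($value);
    if ($parts === false) {
        return 'not parseable as a URL';
    }
    if ($format === 'uri') {
        // Assumption: these values end up as links in an admin screen, so only
        // absolute http(s) URLs are accepted, although "uri" allows any scheme.
        $scheme = strtolower($parts['scheme'] ?? '');
        if (!in_array($scheme, ['http', 'https'], true) || empty($parts['host'])) {
            return 'not an absolute http(s) URL';
        }
        return null;
    }
    // "uri-reference": the ticket describes these as relative, internal URLs,
    // so a scheme or a host (including "//host/path") is flagged.
    if (isset($parts['scheme']) || isset($parts['host'])) {
        return 'expected a relative URL for an internal endpoint or feed';
    }
    return null;
}

/** Hypothetical checker: errors reject the file, warnings do not. */
function disclosures_check_url_lists(string $json): array
{
    $report = ['errors' => [], 'warnings' => []];
    try {
        $data = json_decode($json, true, 32, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        $report['errors'][] = 'invalid JSON: ' . $e->getMessage();
        return $report;
    }
    if (!is_array($data)) {
        $report['errors'][] = 'top level must be an object';
        return $report;
    }
    foreach (DISCLOSURE_URL_FIELDS as $section => $fields) {
        $sectionData = $data[$section] ?? [];
        if (!is_array($sectionData)) {
            $report['errors'][] = "$section: expected an object";
            continue;
        }
        foreach ($fields as $field => $format) {
            if (!array_key_exists($field, $sectionData)) {
                continue; // the schema marks nothing as "required"
            }
            $list = $sectionData[$field];
            $path = "$section.$field";
            if (!is_array($list) || array_values($list) !== $list) {
                $report['errors'][] = "$path: expected an array";
                continue;
            }
            $seen = [];
            foreach ($list as $i => $item) {
                if (!is_string($item)) {
                    $report['errors'][] = sprintf('%s[%d]: expected a string', $path, $i);
                    continue;
                }
                $problem = disclosures_url_problem($item, $format);
                if ($problem !== null) {
                    $report['errors'][] = sprintf('%s[%d]: %s', $path, $i, $problem);
                } elseif (isset($seen[$item])) {
                    // No "uniqueItems" in the schema: warn instead of rejecting.
                    $report['warnings'][] = sprintf('%s[%d]: duplicate of entry %d',
                        $path, $i, $seen[$item]);
                } else {
                    $seen[$item] = $i;
                }
            }
        }
    }
    return $report;
}

// Constructed sample input, not taken from any real plugin.
$sample = <<<'JSON'
{
  "licenses": { "code": ["https://www.gnu.org/licenses/gpl-2.0.html",
                         "https://www.gnu.org/licenses/gpl-2.0.html"] },
  "external": { "JavaScript": ["javascript:void(0)", "https://example.com/privacy"] },
  "openWeb":  { "apiEndpoints": ["/wp-json/example-plugin/v1/items", "//cdn.example.net/feed"] }
}
JSON;
print_r(disclosures_check_url_lists($sample));
```

 Values that pass this check are still untrusted input and need output escaping (for example `esc_url()` in WordPress) when rendered.
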

 {{{#!php
 <?php
 {
    "$schema": "https://core.trac.wordpress.org/ticket/51092",
    "$id": "https://example.com/to.be.filled.in.later.disclosures.json",
    "description": "The vision of the Disclosures Tab is for site
 administrators to understand their site's privacy risk profile and to make
 more informed privacy-related choices as a result. The mission of the
 Disclosures Tab is to help site administrators understand what information
 their site collects, where it is stored and where it is sent - and in
 particular, with whom it is shared.",
    "type": "object",
    "properties": {
       "info": {
          "description": "This section provides information to help
 identify the code.",
          "type": "object",
          "properties": {
             "component": {
                "description": "One of the following values: plugin, theme,
 or the specific Core component (e.g. avatar).",
                "type": "string"
             },
             "slug": {
                "description": "The slug, if the code relates to a plugin
 or a theme.",
                "type": "string"
             },
             "version": {
                "description": "Which version of disclosures.json this
 represents for the individual component.",
                "type": "string"
             },
             "since": {
                "description": "The plugin or theme's version number, or
 the Core version, if the component is a Core component, which introduced
 the current version of this disclosures.json file. I.e. this should
 represent the since value.",
                "type": "string"
             }
          }
       },
 }}}

 {{{#!php
 <?php
       "licenses": {
          "description": "This section contains more information about
 licensing.",
          "type": "object",
          "properties": {
             "code": {
                "description": "A comma-separated list of URLs linking to
 the licenses that apply to this component (plugin, theme, or Core
 component)'s use.",
                "type": "array",
                "items": {
                   "type": "string",
                   "format": "uri"
                }
             },
             "localAssets": {
                "description": "A comma-separated list of URLs to the
 license that applies to the use of each asset that has been included
 locally. This should include the license of any bundled libraries, as well
 as the licenses of any images, fonts, etc.",
                "type": "array",
                "items": {
                   "type": "string",
                   "format": "uri"
                }
             },
             "remoteAssets": {
                "description": "A comma-separated list of URLs to the
 licenses that apply to the use of each asset that is accessed remotely.
 This should include the licenses of any external libraries, as well as the
 licenses of any images, fonts, etc.",
                "type": "array",
                "items": {
                   "type": "string",
                   "format": "uri"
                }
             }
          }
       },
 }}}

 {{{#!php
 <?php
       "external": {
          "description": "This section provides more information relating
 to the Privacy Policies of the external network sites being called.",
          "type": "object",
          "properties": {
             "PHP": {
                "description": "A comma-separated list of URLs of links to
 the respective Privacy Policies of the sites to which the external network
 calls are being made in PHP.",
                "type": "array",
                "items": {
                   "type": "string",
                   "format": "uri"
                }
             },
             "JavaScript": {
                "description": "A comma-separated list of URLs linking to
 the respective Privacy Policies of the sites to which the external network
 calls are being made in JavaScript.",
                "type": "array",
                "items": {
                   "type": "string",
                   "format": "uri"
                }
             },
             "CSS": {
                "description": "A comma-separated list of URLs linking to
 the respective Privacy Policies of the sites to which the external network
 calls are being made in CSS.",
                "type": "array",
                "items": {
                   "type": "string",
                   "format": "uri"
                }
             }
          }
       },
 }}}

 {{{#!php
 <?php
       "terms": {
          "description": "This section contains more information about
 third party terms and conditions that may apply to use of the software.",
          "type": "object",
          "properties": {
             "SaaS": {
                "description": "A comma-separated list of URLs linking to
 the Terms of Service of any instances of Software as a Service.",
                "type": "array",
                "items": {
                   "type": "string",
                   "format": "uri"
                }
             },
             "externalAPIs": {
                "description": "A comma-separated list of URLs linking to
 the Terms of Service of any external API being used.",
                "type": "array",
                "items": {
                   "type": "string",
                   "format": "uri"
                }
             },
             "remoteAssets": {
                "description": "A comma-separated list of URLs linking to
 the Terms of Service that applies to the use of each remote asset. This
 relates to the use of CDNs for images, fonts, etc.",
                "type": "array",
                "items": {
                   "type": "string",
                   "format": "uri"
                }
             },
             "registration": {
                "description": "A comma-separated list of URLs linking to
 the Terms of Service that apply to any accounts that need to be registered
 in order to be able to make use of this component's code.",
                "type": "array",
                "items": {
                   "type": "string",
                   "format": "uri"
                }
             }
          }
       },
 }}}

 {{{#!php
 <?php
       "openWeb": {
          "description": "Details about mechanisms that allow others to
 obtain information from the site without browsing the website's front
 end.",
          "type": "object",
          "properties": {
             "apiEndpoints": {
                "description": "A comma-separated list of relative URLs for
 any internal API endpoints that are created by the code.",
                "type": "array",
                "items": {
                   "type": "string",
                   "format": "uri-reference"
                }
             },
             "feeds": {
                "description": "A comma-separated list of relative URLs for
 any internal feeds that are created by the code.",
                "type": "array",
                "items": {
                   "type": "string",
                   "format": "uri-reference"
                }
             }
          }
       },
 }}}

 {{{#!php
 <?php
       "clientSide": {
          "type": "object",
          "properties": {
             "setsCookiesPHP": {
                "description": "The names of any cookies that have been set
 using PHP.",
                "type": "array",
                "items": {
                   "type": "string"
                }
             },
             "setsCookiesJavaScript": {
                "description": "The names of any cookies that have been set
 using JavaScript.",
                "type": "array",
                "items": {
                   "type": "string"
                }
             },
             "usesLocalStorage": {
                "description": "Whether or not the code makes use of local
 storage.",
                "type": "boolean"
             }
          }
       },
 }}}

 {{{#!php
 <?php
       "communication": {
          "description": "This section provides more information about how
 the software communicates with external parties.",
          "type": "object",
          "properties": {
             "email": {
                "type": "object",
                "properties": {
                   "sends": {
                      "description": "Whether or not the code sends
 e-mails.",
                      "type": "boolean"
                   },
                   "subscribed": {
                      "description": "Whether e-mails are only sent to
 users that have subscribed for that particular e-mail (e.g. a
 newsletter).",
                      "type": "boolean"
                   }
                }
             }
          }
       },
 }}}

 {{{#!php
 <?php
       "database": {
          "description": "This section contains information about how the
 software interacts with the site's database (MySQL or MariaDB).",
          "type": "object",
          "properties": {
             "writesToDB": {
                "description": "Whether or not the code writes to the
 database.",
                "type": "object",
                "properties": {
                   "auto": {
                      "type": "array",
                      "items": {
                         "description": "Whether or not the code writes to
 the database in relation to information that is not explicitly input by a
 user.",
                         "type": "boolean"
                      },
                      "additionalItems": false
                   },
                   "manual": {
                      "type": "array",
                      "items": {
                         "description": "Whether or not the code writes
 information to the database that was explicitly input by the user.",
                         "type": "boolean"
                      },
                      "additionalItems": {
                         "description": "A comma-separated list of
 capabilities that authorize a user to write information to the database
 within the code.",
                         "type": "string"
                      }
                   }
                }
             },
             "CPT": {
                "description": "Whether the component creates any Custom
 Post Types.",
                "type": "object",
                "properties": {
                   "auto": {
                      "type": "array",
                      "items": {
                         "description": "Whether or not the code
 automatically creates any Custom Post Types without user intervention.",
                         "type": "boolean"
                      },
                      "additionalItems": {
                         "description": "The names of any Custom Post Types
 that are created automatically by the code without user intervention.",
                         "type": "string"
                      }
                   },
                   "manual": {
                      "type": "array",
                      "items": {
                         "description": "Whether or not the code allows for
 users to generate Custom Post Types.",
                         "type": "boolean"
                      },
                      "additionalItems": {
                         "description": "A comma-separated list of
 capabilities that authorize a user to create Custom Post Types within the
 code.",
                         "type": "string"
                      }
                   }
                }
             },
             "customTables": {
                "description": "Whether or not the code creates any custom
 tables in the database.",
                "type": "object",
                "properties": {
                   "auto": {
                      "type": "array",
                      "items": {
                         "description": "Whether or not custom tables are
 automatically created by the code without user intervention.",
                         "type": "boolean"
                      },
                      "additionalItems": {
                         "description": "The names of any custom tables
 that are automatically created by the code without user intervention.",
                         "type": "string"
                      }
                   },
                   "manual": {
                      "type": "array",
                      "items": {
                         "description": "Whether or not the code allows the
 user to create any custom tables.",
                         "type": "boolean"
                      },
                      "additionalItems": {
                         "description": "A comma-separated list of
 capabilities that authorize a user to create custom tables within the
 code.",
                         "type": "string"
                      }
                   }
                }
             }
          }
       },
 }}}

 {{{#!php
 <?php
       "otherStorage": {
          "description": "Provides more information about where information
 may be stored, other than the database.",
          "type": "object",
          "properties": {
             "writesToFiles": {
                "description": "A comma-separated list of file types the
 code writes to (e.g. .txt).",
                "type": "array",
                "items": {
                   "type": "string"
                }
             },
             "fileStructure": {
                "description": "Whether or not the code makes changes to
 the website's file structure.",
                "type": "object",
                "properties": {
                   "auto": {
                      "description": "Whether or not the code makes
 changes, or is capable of making changes, to the website's file structure
 that are not explicitly initiated by a user. This should not include files
 that are added directly from the repository, or in the original .zip
 file.",
                      "type": "boolean"
                   },
                   "manual": {
                      "description": "Whether or not the code makes
 changes, or is capable of making changes, to the website's file structure
 that are explicitly initiated by the user. This should not include files
 that are added directly from the repository, or in the original .zip
 file.",
                      "type": "boolean"
                   }
                }
             }
          }
       },
 }}}

 {{{#!php
 <?php
       "automation": {
          "description": "Provides more information with regards to action
 taken by the code without user input.",
          "type": "object",
          "properties": {
             "cron": {
                "description": "Whether the code makes use of scheduled
 tasks that do not require user input.",
                "type": "boolean"
             }
          }
       },
 }}}

 {{{#!php
 <?php
       "ppi": {
          "description": "Whether or not the code stores any Protected
 Personal Information.",
          "type": "boolean"
       },
       "compatibility": {
          "description": "Indicates whether or not the code is compatible
 with Privacy Tools.",
          "type": "object",
          "properties": {
             "ppiExport": {
                "description": "Does the developer, in good faith, consider
 the code to be compatible with the PPI Export Tool in WordPress?",
                "type": "array",
                "items": [
                   {
                      "type": "boolean"
                   }
                ],
                "additionalItems": false
             },
             "ppiErasure": {
                "description": "Does the developer, in good faith, consider
 the code to be compatible with the PPI Erasure Tool in WordPress?",
                "type": "array",
                "items": [
                   {
                      "type": "boolean"
                   }
                ],
                "additionalItems": false
             },
             "consentAPI": {
                "description": "Does the developer, in good faith, consider
 the code to be compatible with the WordPress Consent API?",
                "type": "array",
                "items": [
                   {
                      "type": "boolean"
                   }
                ],
                "additionalItems": false
             },
             "disclosuresTab": {
                "description": "Does the developer, in good faith, consider
 the code to be compatible with the Disclosure Tab?",
                "type": "array",
                "items": [
                   {
                      "type": "boolean"
                   }
                ],
                "additionalItems": false
             },
             "permissionsTab": {
                "description": "Does the developer, in good faith, consider
 the code to be compatible with the Permissions Tab?",
                "type": "array",
                "items": [
                   {
                      "type": "boolean"
                   }
                ],
                "additionalItems": false
             }
          }
       },
 }}}

 {{{#!php
 <?php
       "monetization": {
          "type": "object",
          "description": "This section provides more information about
 monetization practices. It is included to help facilitate transparency and
 fair business dealings. Please note that disclosure here does not relieve
 a developer from any specific obligations that they may have under
 applicable statutes.",
          "properties": {
             "upsells": {
                "description": "More information about upselling in the
 code.",
                "type": "array",
                "items": [
                   {
                      "description": "Does this code promote a paid
 version, or extensions, or other products or services from the same
 author(s)?",
                      "type": "boolean"
                   }
                ],
                "additionalItems": {
                   "description": "A comma-separated list of URLs linking to
 the Terms of Service that apply to any paid version, or extension, or
 other products or services from the same author(s).",
                   "type": "string",
                   "format": "uri"
                }
             },
             "donations": {
                "description": "More information about donations that are
 facilitated by the code.",
                "type": "array",
                "items": [
                   {
                      "description": "Does this code contain any request,
 or information in order to, donate to the plugin or its developer(s)?",
                      "type": "boolean"
                   }
                ],
                "additionalItems": {
                   "description": "A comma-separated list of URLs linking
 to the Terms of Service that apply to the platform being used to
 facilitate donations.",
                   "type": "string",
                   "format": "uri"
                }
             },
             "backLinks": {
                "description": "More information about the code requesting
 credit.",
                "type": "array",
                "items": [
                   {
                      "description": "Does this code contain or generate,
 or ask the site owner / admin for permission to generate, backlinks?",
                      "type": "boolean"
                   }
                ],
                "additionalItems": {
                   "type": "string",
                   "format": "uri"
                }
             },
             "affiliates": {
                "description": "More information about affiliate networks
 that are promoted by the code.",
                "type": "array",
                "items": [
                   {
                      "description": "Does this code contain, or generate
 affiliate links - i.e. links from which the author may receive conditional
 compensation, whether in money, or in kind?",
                      "type": "boolean"
                   }
                ],
                "additionalItems": {
                   "description": "A comma-separated list of URLs linking
 to the Terms of Service that apply to affiliate networks being promoted by
 the code.",
                   "type": "string",
                   "format": "uri"
                }
             },
             "advertising": {
                "description": "More information about advertising that is
 facilitated by the code.",
                "type": "array",
                "items": [
                   {
                      "description": "Does the code contain, or generate
 promotions or recommendations for any products or services not directly
 under the control of the author(s), for which the author(s) receive any
 compensation, whether in money, or in kind?",
                      "type": "boolean"
                   }
                ],
                "additionalItems": {
                   "description": "A comma-separated list of URLs linking
 to the Terms of Service that apply to any products or services that are
 being advertised by the code.",
                   "type": "string",
                   "format": "uri"
                }
             }
          }
       }
    }
 }
 }}}

 **Acknowledgements:**

 Thanks to Timothy for suggesting that we use a .json file instead of
 plugin and theme headers.
 Thanks to Swissspidy for information on i18n - see comment below.
 Thanks to Apedog for suggesting improved phrasing for the "external"
 property's description.

--

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/51092#comment:19>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
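
Added example, not part of the ticket or of WordPress code: a minimal Python check of how the array keywords in the schema above behave, assuming JSON Schema draft-07 rules. The three fragments are copied from the "monetization", "database" and "compatibility" sections; `matches` and `validate_array` are hypothetical helper names, and enforcing "format": "uri" as an http(s) link is an assumption of this sketch.

```python
from urllib.parse import urlparse

# Fragments copied from the ticket's schema, descriptions omitted.
UPSELLS = {        # monetization.upsells: "items" is a list (tuple form)
    "type": "array",
    "items": [{"type": "boolean"}],
    "additionalItems": {"type": "string", "format": "uri"},
}
WRITES_MANUAL = {  # database.writesToDB.manual: "items" is a single schema
    "type": "array",
    "items": {"type": "boolean"},
    "additionalItems": {"type": "string"},
}
PPI_EXPORT = {     # compatibility.ppiExport: tuple form, nothing extra allowed
    "type": "array",
    "items": [{"type": "boolean"}],
    "additionalItems": False,
}


def matches(value, sub):
    """Check one element against a boolean or string subschema."""
    kind = sub.get("type")
    if kind == "boolean":
        return isinstance(value, bool)
    if kind == "string":
        if not isinstance(value, str):
            return False
        if sub.get("format") == "uri":
            # Assumption: enforce the format and accept only http(s) links.
            parts = urlparse(value)
            return parts.scheme in ("http", "https") and bool(parts.netloc)
    return True


def validate_array(instance, schema):
    """Return a list of error strings; an empty list means valid."""
    if not isinstance(instance, list):
        return ["not an array"]
    items = schema.get("items", {})
    errors = []
    for i, value in enumerate(instance):
        if isinstance(items, list):
            # Tuple form: positions past the list fall to additionalItems.
            sub = items[i] if i < len(items) else schema.get("additionalItems", {})
        else:
            # Single-schema form: additionalItems is ignored (draft-07).
            sub = items
        if sub is False:
            errors.append(f"[{i}] no further items allowed")
        elif sub is not True and not matches(value, sub):
            errors.append(f"[{i}] {value!r} does not match {sub}")
    return errors
```

Under these rules a boolean followed by a capability name is rejected by the `writesToDB.manual` fragment as written, because a single-schema `items` applies to every element, while the tuple form used under "monetization" accepts a boolean followed by URLs. An empty array passes every fragment, since none of them sets a minimum length.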

