Open Agenda Item: #core-privacy and Gutenberg

The Difficulty: GutenbergGutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. development happens on GitHubGitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner., instead of on TracTrac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress. (which allows for “needs-privacy-review” to be added to the workflow of any ticketticket Created for both bug reports and feature development on the bug tracker.). This makes it very difficult for other teams to keep up with changes that have a potential significant impact on their team. The Gutenberg repository is huge and it is simply not possible for those working on smaller teams to keep up with all issues / PRs while trying to run their own teams and dealing with other responsibilities.

Other Solutions We Have Considered: We have considered subscribing the #core-privacy channel on SlackSlack Slack is a Collaborative Group Chat Platform The WordPress community has its own Slack Channel at to GitHub. The rest-api channel did this, but it leads to some flooding and does not work when labels are added later on (which would usually be the case with privacy).

So What Do We DO? All triagetriage The act of evaluating and sorting bug reports, in order to decide priority, severity, and other factors. volunteers on the Gutenberg repository on GitHub should please consider whether a particular issue touches on any of the following. If it does, the issue should not proceed / the PR should not be committed, before the Privacy team has been given a meaningful opportunity to consult. If you find such an issue, please post a link here, so we can have a look. Please also make use of the #core-privacy channel on Slack if you need our help. We rely on the Gutenberg triage volunteers’ assistance in this matter.

Issues / PRs that are considered to affect privacy:

1. If the issue / PR suggests that an external call should be made from the site owners’ WordPress installation to any other external site (whether PHPPHP The web scripting language in which WordPress is primarily architected. WordPress requires PHP 5.6.20 or higher / JavaScriptJavaScript JavaScript or JS is an object-oriented computer programming language commonly used to create interactive effects within web browsers. WordPress makes extensive use of JS for a better user experience. While PHP is executed on the server, JS executes within a user’s browser. / CSSCSS Cascading Style Sheets.), even if this site is The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization.;

2. If an account with a third party would be needed in order to utilize any functionality (basically SaaS – I do not expect that this is likely to happen, but I am including it here for the sake of completeness);

3. Calls to any APIs (including, but not limited to calls to external APIs for the purposes of updates);

4. Use of any remote assets (e.g. images / JavaScript libraries / fonts hosted elsewhere);

5. Any cookies are proposed / use of local browser storage, or similar;

6. If the editor proposes to write any information to the DB (other than content like posts explicitly generated by the user);

7. If new Custom Post Types are proposed;

8. If new custom tables are proposed;

9. If any PPI (Protected Personal Information) may be stored;

10. If any e-mails will be sent by the code;

11. If there will be any advertisements in wp-adminadmin (and super admin) (again, not something I think is likely, just including it for completeness);

12. If any backlinks are requested (again, probably unlikely for Gutenberg).

Please also report any items not listed here, which you think may affect the privacy component.

Thank you for your co-operation and transparency in this matter.