The Difficulty: Gutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/ development happens on GitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/, instead of on Trac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress. (which allows for “needs-privacy-review” to be added to the workflow of any ticket Created for both bug reports and feature development on the bug tracker.). This makes it very difficult for other teams to keep up with changes that have a potential significant impact on their team. The Gutenberg repository is huge and it is simply not possible for those working on smaller teams to keep up with all issues / PRs while trying to run their own teams and dealing with other responsibilities.
Other Solutions We Have Considered: We have considered subscribing the #core-privacy channel on Slack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/. to GitHub. The rest-api channel did this, but it leads to some flooding and does not work when labels are added later on (which would usually be the case with privacy).
So What Do We DO? All triage The act of evaluating and sorting bug reports, in order to decide priority, severity, and other factors. volunteers on the Gutenberg repository on GitHub should please consider whether a particular issue touches on any of the following. If it does, the issue should not proceed / the PR should not be committed, before the Privacy team has been given a meaningful opportunity to consult. If you find such an issue, please post a link here, so we can have a look. Please also make use of the #core-privacy channel on Slack if you need our help. We rely on the Gutenberg triage volunteers’ assistance in this matter.
Issues / PRs that are considered to affect privacy:
2. If an account with a third party would be needed in order to utilize any functionality (basically SaaS – I do not expect that this is likely to happen, but I am including it here for the sake of completeness);
3. Calls to any APIs (including, but not limited to calls to external APIs for the purposes of updates);
5. Any cookies are proposed / use of local browser storage, or similar;
6. If the editor proposes to write any information to the DB (other than content like posts explicitly generated by the user);
7. If new Custom Post Types are proposed;
8. If new custom tables are proposed;
9. If any PPI (Protected Personal Information) may be stored;
10. If any e-mails will be sent by the code;
11. If there will be any advertisements in wp-admin (and super admin) (again, not something I think is likely, just including it for completeness);
12. If any backlinks are requested (again, probably unlikely for Gutenberg).
Please also report any items not listed here, which you think may affect the privacy component.
Thank you for your co-operation and transparency in this matter.