WP Notify Kick off meeting announcement

I’d like to announce the first meeting of the WP Notify project. The meeting will be held on Monday 26 August 2019 in the #feature-notifications channel.

In order to allow for multiple time zones, we’ll be having two meetings, one at 14:00 UTC, run by myself, and one at 22:00 UTC, run by @hrmervin. We’ll do our best to keep these two meeting times going forward.

I will post an agenda for the meeting closer to the time, and to allow folks to propose agenda items for the meeting.

#feature-notifications

Editor Chat Agenda: August 21st

Note taker: @nosolosw

This is the agenda for the weekly editor chat scheduled for August 21, 2019 at 1300 UTC.

This meeting is held in the #core-editor channel in the Making WordPress Slack.

  • Tasks Coordination
  • Open Floor

If you have anything to share for the Tasks Coordination section, please leave it as a comment on this post.

As always, if you have anything to propose for the agenda or other specific items related to those listed above, please leave a comment below.

#agenda, #core-editor, #editor-chat

Editor chat summary: 14 August 2019

This post summarizes for the weekly editor chat meeting on Wednesday, August 14, 2019 at 1300 UTC held in Slack.

The agenda can be found here.

Gutenberg 6.3 

  • @riad noted that this release is a very important release in terms of Accessibility because it introduces the Navigation Mode

Priorities for next week

Please don’t hesitate to help there. Provide a11y and design feedback. Help with tests… Let’s move these forward.

Task Coordination

Based on the links in Task Coordination, Riad extracted a list of PRs where feedback is needed:

Open Floor

There was a discussion about new core blocks being developed. The central idea is that some ideas, while good, are low priority, for example the gists block or the multi select dropdown.

Riad explained that the ideas for the blocks themselves are good but “we added components as we needed them in Core and Core blocks. Doesn’t mean we can’t add components for third-party authors if they prove to be useful for a lot of persons but we’d need contributors to champion these”

There is also a list of new blocks that are high priority and considered “blessed tasks” and the list includes: icons, menu, social icons, divider and other Full site editing related blocks (site title, post title, post categories).


Note: Anyone reading this summary outside of the meeting, please drop a comment if you can/want to help with something.

The agenda for the next meeting, 21 August 2019 13:00 UTC is here, please add anything you want to discuss.

#core-editor, #core-restapi, #editor, #gutenberg, #meeting-notes

Follow-up Discussion on Major Auto Updates

Last week’s proposal to automatically upgrade old sites to 4.7 has garnered a lot of feedback, which has been very helpful in refining the idea and getting a sense of how different parts of the community feel about it.

To follow up on that, I’d like to have a meeting in #core on Tuesday, August 20, 2019, 2100 UTC to continue the discussion. No decisions will be made during the meeting, but I hope that we can have a productive conversation and move closer to some kind of resolution.

To join the meeting, you’ll need an account on the Making WordPress Slack. If you’re not able to attend, but would like to give feedback, please leave a comment on the proposal.

#auto-update, #security

SSL for auto updates

r44954 introduced experimental package signature verification for plugin and theme updates. That and subsequent commits from #39309 have proved useful in testing and experimenting with the use of cryptographic signatures for update verification. That work has progressed to a point where it has become clear that there are many complicated and difficult problems to solve in order for signatures to be used securely in practice, and that solving those problems requires cryptographic expertise that we don’t have enough of.

Based on the discussion in that ticket, there are essentially two possible ways to implement the key management infrastructure needed to use signatures in production:

  1. Build a certificate structure something like X.509, and implement secure APIs to allow for key revocation and rotation.
  2. Use something like Gossamer for distributed key management.

Since both of these options are long-term projects that require very careful design and testing, we need a short-term plan for improving the security of auto-updates while those more ambitious ideas are explored.

It appears that the sensible short-term solution is to shelve signatures for the moment and instead use checksum hashes delivered over HTTPS. By strictly enforcing SSL certificate checks, we can offer package integrity checks that are more secure than the status quo, and take advantage of SSL’s certificate infrastructure for authentication. That will allow us to move forward with auto-updates now, and continue to research and develop robust signature protocols for future release.

I propose we do the following for 5.3:

  1. Review the suitability of hashes provided by the core update APIs.
  2. Improve the core update code so as to always use SSL with certificate checking (on systems with functioning SSL).
  3. Implement compatibility checks and fallback options for systems without functioning SSL (perhaps requiring human intervention to manually verify updates).
  4. Implement end-to-end tests for update code, including SSL fallback, and tests for the update APIs and checksums.
  5. Review handling of edge cases and exceptions such as rollbacks.

To clarify: in this context, SSL refers specifically to using a secure connection to api.wordpress.org. It would not require SSL certificates to be installed on a WordPress site. Certificates would be used to verify the authenticity of wordpress.org itself.

Later versions of WordPress can make this obsolete by incorporating a well-tested system for signature verification once it is ready for production.

Enabling strict SSL for updates is a necessary step towards safely providing auto-updates. With this in place we eliminate the main technical blocker to two of the 9 Projects for 2019.

Media Meeting Recap – August 15, 2019

Overview

The following is a summary of the weekly media component meeting that occurred on Thursday, August 15, 2019. Weekly media meetings are held every Thursday at 13:00 UTC. A full transcript can be found here in the #core-media room in the Make WordPress Slack.

Attendees: @joemcgill, @anevins, @sergey, @antpb, @adamsilverman

5.3 A11y Related Tickets

@anevins lead a triage of the a11y related tickets from the WPCampus audit for 5.3 to try and make sure everything had an owner and/or some next steps to move forward.

Now that all tickets have been triaged, @joemcgill suggested that we keep the latest information in Trac so we can use this report to track status of the a11y related tickets throughout the 5.3 cycle.

5.3 Release Media Lead

@antpb asked if anyone was interested in being the Media lead for the 5.3 release. He served in this capacity for the 5.0 release and is willing to do so again for 5.3 if needed. @joemcgill reached out to @chanthaboune in #core following the meeting to clarify what this role would be responsible for (see chat). Essentially, this person would be the primary person responsible for communicating status from the component team and gathering consensus when decisions need to be made. This person is not responsible for completing all the work themselves, but should be leaning on the rest of the component maintainers and contributors to meet our release goals.

If you’re interested in volunteering for this role, feel free to comment here or in #core-media.

5.2.3 Release Tickets

@joemcgill noted that there are several Media issues listed in @jeffpaul‘s 5.2.3 release proposal. These need to be reopened as fixed-major so they can be back ported to the minor release and the milestone needs to be updated. @joemcgill volunteered to handle this.

#media, #summary

Dev Chat Summary: August 14

After the close of our every-two-weeks new contributor chat, the weekly core chat started at 2000 UTC, give or take a few minutes. (backscroll)

Announcements

Next Minor: 5.2.3

Next Major: 5.3

  • All but two focus lead type people are settled. An update post is upcoming (and will be shared by the end of the week regardless of whether those final two are settled or not).

Open Floor

To Do List from this Chat

  • First 5.2.3 bug scrub Thursday, August 15 @ 1700 UTC
  • If you want to help with the 5.2.3 minor release and weren’t mentioned above, you can indicate your interest in the comments of this post.

#summary #5-2-3 #5-3 #rest-api #auto-update

Dev Chat Agenda: August 14

Here is the agenda for the weekly meeting happening later today: Wednesday, August 14, 20:00 UTC. Please share any items you’d like to include in the comments below!

  • Announcements
  • Upcoming Release Discussions
    • 5.2.3 Planning and Updates
    • 5.3 Updates
  • Calls from component maintainers
  • Open Floor

If you have anything to propose for the agenda or specific items related to those listed above, please leave a comment below.

This meeting is held in the #core channel in the Making WordPress Slack.

#5-2-3, #5-3#agenda#devchat

What’s new in Gutenberg? (14 August)

The Gutenberg 6.3 release is an important milestone in terms of accessibility of the editor.

Gutenberg comes with a lot of features by default, each block can be manipulated with custom controls in its toolbar and inspector panel, block movers, a drag handle. The block UI also includes the content of the block itself which can be complex from block to another. This makes it very challenging for screen reader users to navigate the content of their posts.

To address that issue, we’re introducing the Navigation Mode. By default the editor is loaded in this mode, it allows you to move from block to block using a single Tab press. You can also use the arrow keys to navigate between blocks. Once you reach the block you want to edit, you can enter the Edit Mode by hitting the Enter key. The Escape key allows you to move back to the Navigation Mode.

It’s very important for us to make the editing experience as enjoyable as possible for all the users with different accessibility needs. This feature is very early, please help us test it and we’re looking forward to taking your feedback into consideration.

This feature includes dozens of improvements and bug fixes including:

  • support for text alignments in table block columns.
  • Border color support for the separator block.

For developers, new APIs are available such as the BlockPreview component that allows you to render and preview blocks in any context.

6.3

Features

Enhancements

Experiments

New APIs

Bug Fixes

Various

Documentation

Mobile

Performance Benchmark

The following benchmark compares performance for a particularly sizeable post (~ 36000 words, ~ 1000 blocks) over the last releases. Such a large post isn’t representative of the average editing experience but is adequate for spotting variations in performance.

Version Loading Time KeyPress event (typing)
Gutenberg 6.3.0 4.8s 53.5ms
Gutenberg 6.2.0 4.5s 49.7ms
Gutenberg 5.3 (WordPress 5.2) 5.6s 60.1ms

👏 Kudos to all the contributors. Thank you.

#core-editor, #editor, #gutenberg

5.2.3 Release Planning

You may have noticed discussions in devchat the last month or so* around timeframes for 5.3 later this year as well as working to release a 5.2.3 sooner than that due to resolved defects waiting to be released. This proposal provides an opportunity for us to release 5.2.3 in the nearer term while others begin to shift their focus to 5.3. Read on to see the proposed focus and timeline for 5.2.3!

Proposed focus

Along with the items already milestoned for 5.2.3, we can look into including items related to the PHP version bump coming in 5.3, backporting some block editor features, as well as improving accessibility and RTL issues. Issues noted below are linked to Trac and include their summary and related keywords for quick review.

The following relate to the PHP version bump:

  • #47160: Backport blocking of plugin updates if required PHP version is not supported [defect] [2nd-opinion] [needs-patch]
  • #47699: Remove redundant JSON polyfills for PHP native functionality [enhancement] [has-patch] [has-unit-tests] [needs-dev-note]
  • #47797: Provide compatible core update for users not on PHP >= 5.6 [enhancement] [has-patch] [needs-testing]

The following, along with any backported Gutenberg items, relate to improvements in the block editor:

  • #45739: Block Editor: $editor_styles bug. [closed] [defect]
  • #45935: A URL in do_block_editor_incompatible_meta_box function does not have classic-editor__forget parameter [closed] [defect]
  • #47079: Incorrect version for excerpt_allowed_blocks filter [closed] [defect]
  • #47216: Block Editor crashes on custom post types without title support [closed] [defect]
  • #47489: Emoji are substituted in preformatted blocks [closed] [defect]

The following relate to improvements across the accessibility and RTL focuses:

  • #30506: RTL: Hours and minutes fields order reversed in post editing [closed] [defect]
  • #46757: Media Trash: The Bulk Media options when in the Trash shouldn’t provide two primary buttons [closed] [defect]
  • #46758: Media Trash: Primary button(s) should be on the left [closed] [defect]
  • #46899: Ensure that tables generated by the Settings API have no semantics [closed] [defect]
  • #46978: Remove title attributes from the Meta widget [closed] [defect]
  • #47113: Media views: dismiss notice button is invisible [closed] [defect]
  • #47122: Media views: fix unlabelled controls [closed] [defect]
  • #47141: Radio and checkbox labels rely on implicit association [closed] [defect]
  • #47145: Feature Image dialog does not follow the dialog pattern [closed] [defect]
  • #47386: Fix headings hierarchy in the legacy Custom Background and Custom Header pages [closed] [defect]
  • #47390: Improve accessibility of forms elements within some “form-table” forms [closed] [defect]
  • #47458: Fix tab sequence order in the Media attachment browser [closed] [defect]
  • #47502: Media modal bottom toolbar cuts-off content in Internet Explorer 11 [closed] [defect]
  • #47603: My account toggle on admin bar not visible at high zoom levels [closed] [defect]
  • #47688: Color hex code in color picker displayed in RTL instead of LTR on RTL install (take 2) [closed] [defect]
  • #47693: customizer Color picker should get closed when click on color picker area. [closed] [defect]
  • #47758: Font sizes on installation screen are too small [closed] [defect]

While we haven’t historically handled default theme-related changes in a minor release, the following are also potentially viable and related to Block Editor and Accessibility improvements as well:

  • #47190: Twenty Seventeen: Native audio and video embeds have no focus state. [closed] [defect]
  • #47340: Twenty Nineteen: Revise Latest Posts block styles to support post content options. [closed] [defect]
  • #47414: Twenty Seventeen: Button block preview has extra spacing within button [closed] [defect]
  • #47543: Twenty Seventeen: buttons don’t change color on hover and focus [closed] [defect]

Proposed timeline

Proposed timeline for this minor release is as follows:

I recognize that the release is the week of the US Labor Day holiday, but hopefully we can keep roughly to this timeframe so that we don’t drag on too long into September and further disrupt plans on 5.3.

Actions needed

We’ll want to confirm this focus, timeline, and release lead(s) for 5.2.3 in devchat. So please comment on this post or come to devchat prepared to discuss, thanks!

Update on 15 August 2019

Note that from yesterday’s devchat that we’ve agreed to exclude the two “remove” related tickets from the proposed list of items in 5.2.3. I’ve gone ahead and used strikethrough on those in the listing above.

We’re working to capture release lead(s) nominations, so please add those to this post, yesterday’s devchat summary post, or come to next week’s devchat to nominate a lead. You’re welcome to nominate yourself or someone else. We plan to confirm release lead(s) in next week’s devchat and then work to confirm the 5.2.3 timeline.

* see: June 26th, July 3rd, July 10th, July 17th, July 31st, and August 7th.

#5-2-3, #planning