Dev Chat Summary: September 05, 2018 (4.9.9 week 4)

This post summarizes the weekly dev chat meeting held Wednesday, September 05, 2018, 20:00 UTC, including topic updates from the lively August 29 dev chat. Agenda | Slack Archive

4.9.9 Updates & Planning

Release Leads

  • After a lively discussion about the ideology of the leadership structure for minor releases during the August 29 dev chat, and following through on our effort to develop a broader group of people who can lead releases, @antpb and @schlessera will serve as co-leads for 4.9.9. @sergeybiryukov will assist with commits. There were 21 emoji reactions to this message in Slack, so it’s official. No takesies backsies.
  • A tentative schedule will be announced once release leads can align schedules for the next 6-8 weeks.

4.9.9 Inclusions

@youknowriad mentioned it would be lovely for these two REST API issues to land in 4.9.9:

  • #44862: Create REST API endpoints to lock, release and takeover post edition
  • #44758: The REST API is not respecting the user’s locale properly 

If you have other issues you’d like to see in 4.9.9, come on over to next week’s chat. We’ll keep the lights on for ya.

Focus Lead & Component Maintainer Updates


  • We’ve got a 3.7 release! This version includes clarifications for some core interactions, expanding the Unified Toolbar mode, squashing Gutenbugs and SO. MUCH. MORE. 
  • Please continue to provide us with feedback via testing and block usage. 
  • I personally appreciate any and all Gutenberg puns. Thanks in advance!


The fab JS team posted notes from their weekly chat. Thanks @matveb for posting the recap! Highlights:

  • Deprecation strategy
  • Allow building in `src`
  • Guidelines for including WP packages

General Announcements

A second dev chat? 

  • During the August 29 dev chat, we notified the channel that we had volunteers to host a second dev chat at a different time on Wednesdays. The goal of having a second dev chat is to see if expanding dev chat across another set of time zones would be more inclusive of the non-U.S. based WordPressers.
  • Following a lively discussion, those who volunteered to lead the second chat are drafting a proposal that is still a WIP. We’ll open up the discussion again during next week’s dev chat.

Merge Proposal: Dark Mode

  • @danieltj is here 100% here for our eyeballs with Dark Mode. His merge proposal answers what Dark Mode is and isn’t, especially the big question about why it isn’t a color scheme. You have to click to find out. I’m not spoiling it here.
  • Further testing and feedback is needed, so please help out if you can.


tl;dr – This conversation has moved over to #core-http in Slack and is being self-organized by those involved. And yes we know that channel name is not secure!

  • Chrome stepped their game up when it comes to flagging non-SSL sites, so @westonruter suggested we do the same when encouraging users to enable HTTPS whenever possible. 
  • Some additional resources on this topic:

That’s it! We’ll see you at <dev chat> next week: Wednesday, September 12 20:00 UTC in the #core Slack channel. 

#summary, #4-9-9, #core, #dev-chat

Dev Chat Summary: October 12 (4.7 week 8)

This post summarizes the dev chat meeting from October 12th (agenda, Slack archive).


Feature Proposals for 4.7

  • REST API: Content API (@kadamwhite)
    • REST API Team Update
    • Content API endpoints have been stable for some time and now have the missing functionality established at the start of this development cycle
    • We pitched merging in the OAuth 1 server alongside those content endpoints, to simplify the process of authenticating from remote applications
    • The auth method in core right now is cookie/nonce-based, so it’s available to any code running within the same domain as the main WordPress install and leverages the existing login cookie
    • plugins and themes that utilize JS to enhance the editing experience within their admin UI have full read/write access, restricted to the capabilities of the authenticated user
    • External applications, e.g. a mobile app, desktop app or external server, would have read-only access
    • readers, aggregators, etc are possible without authentication, and more complex read-write apps can be written by installing one of the available authentication plugins, of which OAuth is but one
    • Reference for options and when/how to use
    • 90 contributors for the rest-api plugin
    • automated test coverage currently at 90.44%
    • 37 more open tickets
    • weekly meeting on Monday at 1400UTC in #core-restapi
  • Discovering and installing themes in the customizer (@celloexpressions)
    • Related Make/Design and Make/Flow posts, but best to post all feedback to the Make/Core feature proposal
    • Working through the accessibility feedback, but it’s a bit unclear what’s specific to this feature versus the customizer in general, and which issues are also present in the admin theme installer
    • Haven’t heard anything from polyglots, security (unlikely to have any issues), or docs
    • There is one known i18n concern where we’ll need a compromise until we have JS i18n in core
    • @celloexpressions to do a final iteration to pick up any remaining feedback on Thursday, then pass to @westonruter for the code review process
  • Custom CSS with live previews (@celloexpressions)
    • seems to have decent support as a feature, with the biggest question in the comments being how to store and output the CSS
    • CSS is output from the db via a style tag, use of `style` tag is key for targeting for `postMessage` live preview
    • Post-based storage allows for revisions built in (ensuring that there are hooks for a plugin that wants to write a file would alleviate many concerns)
    • CSS is theme-specific in the proposal for this, with a post object for each theme that has CSS
    • Scheduling a meeting to go through these concerns and make a decision, coordination to occur in #core-customize
  • Customize Changesets (née Transactions) (@westonruter)
    • Technical Post (audience is developers who have extended the customizer significantly, as there may be impacts to any heavy customizer integrations since changesets touches some very low-level stuff in the customizer)
    • Users will be able to bookmark a customizer session since the changeset UUID will be part of the URL
    • Theme switches will no longer result in changes being lost (no more AYS dialog)
    • a few other open questions and issues that have been noted


#4-7, #core, #dev-chat, #summary

Dev Chat Summary: September 28 (4.7 week 6)

This post summarizes the dev chat meeting from September 21st (agenda, Slack archive).


  • Schedule: We are 3 weeks from the final chance to merge in major features. This includes Twenty Seventeen.
  • Tickets: There are currently 196 tickets in the 4.7 milestone. This is 14 more than last week. In just 6 short weeks, this needs to be zero. For any tickets you’ve moved into the milestone, please make sure these are active tickets, with some kind of activity in the last 10 days.
  • Bug Scrubs: We’re looking for people to help run a bug scrub, please reach out to @jorbin if you have interest (details here). Bug scrubs this week plus one on Monday and one on Wednesday next week at yet to be scheduled times.

Components & Features

  • Twenty Seventeen (@davidakennedy, @melchoyce)
    • Latest update
    • Add multi-panel feature to pages through add_theme_support (#37974) & Enable Video Headers in Custom Headers (#38172) need eyes and help the most
    • Additional i18n eyes on Better support for non-latin font fallbacks especially designers who use non-latin alphabets natively to hear suggestions for non-latin font stacks that would look good in the theme
    • Next meeting Friday at 18:00UTC (theme-focused), Tuesday (feature-focused)
  • Media (@mikeschroder, @joemcgill)
    • Latest update
    • Unexpected change to media title behavior in WP 4.6.1 (#37989) – Looks like @sergey added a patch that fixes the remaining issues with some UTF-8 characters. Should be committed soon.
    • Media search doesn’t include file name (#22744) – The current implementation is trampling any preexisting JOINs. Should have a patch a new patch ready to test soon.
    • Also looking at pursuing additional media organization improvements through a feature plugin, details still need discussion, @karmatosed on board to help with design
    • Next meeting Friday at 17:00 UTC
  • Customize (@westonruter, @celloexpressions)
    • Latest update
    • Primary commit for Harden panel/section UI code by removing contents from being logically nested (read: goodbye margin-top hacks) (#34391) is in, and a dev note is scheduled to be published after today’s dev chat
      • Some major changes here, so we need plugin and theme authors to test
    • Received design feedback on A New Experience for Discovering, Installing, and Previewing Themes in the Customizer (#37661) and working on making those revisions by the end of this week and planning to publish a feature proposal on Friday
      • Need to discuss themes again during tomorrow’s #design meeting for final approval before the changes are made
    • Need attention on Provide a better gateway for code-based theme customizations with the Customizer (#35395)
      • Discussion of whether this direction is appropriate lead to tentative consensus that this is likely appropriate for core
      • Next steps will be to loop @folletto in to improve the design and polish up the patch
      • Big other block discussed: sanitizing and validating the CSS & most appropriate corresponding capability
        • Currently rudimentary validation in the patch for balanced braces and comments. Need improvement if relying on it heavily, but it provides instant user feedback
        • Capability solution needs to work for multisite if at all possible, since that’s a primary use case
        • Discussion to continue on the Trac ticket and/or #core-customize
  • i18n (@swissspidy)
    • Feedback/help on Introduce a locale-switching function (#26511) would be appreciated
      • The problem is that labels of custom post types and taxonomies are only evaluated once, so switching locales wouldn’t properly translate those.
      • There’s a proposed fix for built-in types and taxonomies, but we prefer a better solution that works for all of these.
  • Editor (@azaozz, @iseulde)
    • Would like to help with a survey (scratchpad/draft). Need to start gathering user usage stats, should be opt-in, start with a plugin first, and release the aggregated data
    • Weekly data tracking (back-end) meeting Wednesday at 1900 UTC
  • HTTPS (@johnbillion)
  • REST API (@krogsgard, @kadamwhite )
    • Latest update
    • Whether the API should follow core behavior and save a revision every time a post is updated
      • Right now every update to a post creates a revision and can be a bit painful for some clients, so: 1) should that always happen? 2) should we have the ability to turn it off?
      • Decided on: 1) Yes.  2) The ability to use auto-drafts like in core makes sense, but doesn’t need to block merge.
    • How to handle image permissions, specifically for the case where an image is attached (uploaded) to a private post and then featured in a public post
      • Specifically, if I upload an attachment to a private post, its visibility is governed by that post, so it too is private but, in wp-admin I can add it as featured media to another public post. When that public post is queried: what happens!?
      • @joemcgill summary: I happen to think it’s an oversight in WordPress that we allow an image attached to a private post to be set as the featured image of another post (and by an author without permission to view the private parent post). We should probably either close this loophole or detach the attachment from the private post whenever it’s set as a featured image on another post.
      • @kadamwhite to document decision, @rmccue @joemcgill @helen et al will identify core tickets that should be opened.
    • Whether (and how) to expose edit locks through the API
      • Main thing here is whether this is a blocker? Decision: edit locks are great, but doesn’t need to block merge.
    • Next bug scrub is Thursday 1400 UTC; next team meeting is 1400 UTC on Monday, October 3rd

#4-7, #core, #core-editor, #core-http, #core-i18n, #core-media, #core-restapi, #dev-chat, #summary, #twenty-seventeen