Dev Chat Summary: April 18th (4.9.6 week 3)

This post summarizes the dev chat meeting from April 18th (agenda, Slack archive).

4.9.6 planning

Updates from focus leads and component maintainers

  • The Editor / Gutenberg Team released v2.7 and published information on how they’re organizing component-specific issues in their GitHub repo. Component Maintainers will benefit from utilizing the specific milestone setup for their component when trying to identify areas that would best benefit Gutenberg. There are also additional milestones for a11y and docs.
  • The GDPR Compliance Team published notes from their recent meeting covering recent deployments, available resources, plugin dev guidelines, and the addition of a privacy section to the readme.txt file
  • The PHP Team published notes from their recent meeting
  • The Media Team published notes from their recent meeting covering a time change for their meeting (to Thursday’s at 20:00 UTC) and their main focus on a Gutenberg Media triage
  • @jorbin looking for a proposal on Make/Core post from team working on the JS reorg / no longer using srcwith a summary and proposed timeline; majority of current info is in #43055

Next meeting

The next meeting will take place on April 25, 2018 at 20:00 UTC / April 25, 2018 at 20:00 UTC in the #core Slack channel. Please feel free to drop in with any updates or questions. If you have items to discuss but cannot make the meeting, please leave a comment on this post so that we can take them into account.

#4-9-6, #core, #core-editor, #core-js, #core-media, #core-php, #dev-chat, #gdpr-compliance, #gutenberg, #summary

GDPR Compliance Chat Agenda – April 18

Agenda proposal:

  • A note on Privacy by Design and Cookies
  • Tickets to go out with WP 4.9.6
  • Erasure and export tickets (43546, 43551, 43602, 43637)
  • Owners for tickets
  • Open discussion

Join us on slack at 15:00 UTC.
Open trac tickets
#gdpr-compliance, #agenda

GDPR Compliance Chat Recap – April 11

(full text on slack)

First deploy of ticket #43481

  • Core ticket #43481 is about tabs and placeholders to privacy tools page in wp-admin and a first version has been committed into dev. Goal is to have it inside the 4.9.6 release.
  • These screens will allow the site admin to get validation from the requester follow-up on requests. Requests could come in from different sources (email, phone request, contact page, etc) so a dedicated place is needed.

Announcements: Available texts and where to publish them

Plugin dev guidelines

Privacy section in readme.txt

  • Besides the functions in Core and the upcoming filters/hooks that plugin authors will be able to use, there might also be a need to have privacy related info in the readme.txt
  • The advantages of a section in the readme.txt would be:
    • availability in plain text in downloads
    • parsable, can be displayed in tab on plugin repo
    • translation, since readme is in Core’s i18n tools on translate.wordpress.org
    • Version control
  • The eventual section in the readme.txt will however not substitute the need of having the privacy information also delivered using filters/hooks as the purpose and possibilities are different.
  • Another idea was to add a ‘Privacy URL’ keyword where a URL could be provided to a privacy statement hosted on a website.

Trac tickets: https://core.trac.wordpress.org/query?status=!closed&keywords=~gdpr
GDPR agenda and recaps: https://make.wordpress.org/core/tag/gdpr-compliance/

#gdpr-compliance #summary

Dev Chat Summary: April 11th (4.9.6 week 2)

This post summarizes the dev chat meeting from April 11th (agenda, Slack archive).

4.9.5 feedback

  • @audrasjb wrapping up feedback post, aiming to publish by end of week on experience leading 4.9.5
  • No other feedback, so no urgent need to rush out immediate fixes in 4.9.6

4.9.6 planning

  • @desrosj self-nominated to be co-lead, @melchoyce nominated @allendav to be co-lead, @sergey self-nominated to be a deputy (given desire to have a lead with commit access); all have accepted and will begin planning, many thanks to them!
  • @desrosj to focus on coordinating release, @allendav to focus on GDPR, @sergey to focus on review and commits were needed
  • Will want to line up someone to help with packaging ~48 hours ahead of beta, RC, and release
  • Tentative timeline: beta on Tuesday, April 24th, RC on Tuesday, May 1st, and Release on Tuesday, May 8th (will be confirmed in next week’s devchat)
  • Planning to begin communicating via Make/Core of what’s going into 4.9.6 and will encourage devs to utilize trunk
  • @desrosj and @jbpaul17 to work on bug scrub schedule

Updates from focus leads and component maintainers

Next meeting

The next meeting will take place on April 18, 2018 at 20:00 UTC / April 18, 2018 at 20:00 UTC in the #core Slack channel. Please feel free to drop in with any updates or questions. If you have items to discuss but cannot make the meeting, please leave a comment on this post so that we can take them into account.

#4-9-5, #4-9-6, #code-of-conduct, #core, #core-editor, #dev-chat, #gdpr-compliance, #gutenberg, #summary

GDPR Compliance Chat Agenda – April 11

Agenda proposal:

  • Announcements: Available texts and where to publish them
  • Plugin dev guidelines
  • Cookies
  • Trac tickets: Review of specific tickets
  • Open discussion

Join us on slack at 15:00 UTC.
Open trac tickets
#gdpr-compliance, #agenda

GDPR Compliance Chat Recap – April 4

(full text on slack)

Documentation: what texts do we need?

  • A table of contents of the needed information is present on https://github.com/gdpr-compliance/info/blob/master/information-resources.md . @idea15 started on some of them.
  • Some shorter/other texts will be needed to add to core, but can then have links to the final privacy blog: WP default policy, text for new user registration and on user profile screen, technical text about the new functions for developer.wordpress.org , chapter in the plugin handbook
  • After a chat with Mika, the guidelines for developers will be amended so that it's clear that plugins can assist in helping the site compliant but not that installing the plugin will make the site compliant.

Marketing: How to announce the project to the world?

  • @dejliglama reached out to the WhiP linking to make/core in their newsletter. There will be a longer piece later.
  • A paragraph was also create in the Month in WordPress of March
  • A proposal is to get a post out every 2 weeks with a major one on 25-May.
  • The roadmap can be used as a start, but might be slightly too technical for the broader public.

Trac Tickets: Review of specific tickets

  • #43492 was discussed. Data is stored for telemetry but also to make sure websites have the correct (security) updates.
  • A site admin should not have to opt-in, because having a WordPress site without security updates is not acceptable. But a combination of some data (like website URL, IP, etc) might be seen as personal data.
  • More clarification is needed. @pento and @pesieminski should be contacted.

AOB

  • Design should arrive in the next days so Allen and Mike can start with the patches for their tickets.
  • WordCamp Europe workshop: @idea15 will be hosting a GDPR Workshop at WCEU. She is looking for Teaching Assistants that can help her in making it a success. Please comment below (or DM on slack) if you are in Belgrade in June and are willing to support!
  • WordCamp Europe contributor day: @idea15 has been contacted to be ready for questions during Contributor Day (June 14 in Belgrade). Anybody willing to help @xkon, @azaozz and probably @postphotos on that day? Leave a comment or DM.

Actions

  • @idea15: Create a text for marketing (due 2018-04-08)
  • @azaozz: Follow up with Marketing for the above text
  • @casiepa: Add short texts needed in the table of contents

Trac tickets: https://core.trac.wordpress.org/query?status=!closed&keywords=~gdpr
GDPR agenda and recaps: https://make.wordpress.org/core/tag/gdpr-compliance/

#gdpr-compliance #summary

Ain't no party like a GDPR party
Cos a GDPR party don't stop until someone has a question about personal data.
(Heather Burns)

GDPR Opt-in Commenter Cookies

Moving towards GDPR compliance a new checkbox was added to the comments form in #43436. It asks the commenters for consent to set the comment cookies.

However in many themes the <label> element inside the comments form is styled as display: block; which moves the checkbox above it and might seem unusual.

xk20180404224043

This will be fixed in the default themes but please make sure to check if your theme would need to fix this too!

Check out the Open trac tickets if you want to get involved!

#gdpr-compliance

GDPR Compliance Chat Agenda – April 4

Agenda proposal:

  • Documentation: what texts do we need?
  • Marketing: How to announce the project to the world?
  • Trac tickets: Review of specific tickets
  • Open discussion

Join us on slack at 15:00 UTC.
Open trac tickets
#gdpr-compliance, #agenda

Roadmap: tools for GDPR compliance

This roadmap is for adding privacy tools to core. These tools will help site owners comply with the GDPR and other privacy laws and requirements.

Main tasks

I. Add tools for creating a privacy policy

The idea is to have a “special” page for the privacy policy, #43435 (initial version of this is already committed), and #43491. The site owners are able to select an existing page or create a new one. There will be wp_get_privacy_policy_page() helper functions for use in themes, etc.

Another idea is to have a “postbox” shown when editing the policy page. All plugins that collect personal data or set cookies can output some concise information about what they collect and store and why. This information should be phrased for inclusion in the site’s privacy policy.

Core will also contain text that the site owners can use to create their policies. The text will be used as the default privacy policy and will be inserted in the privacy policy page when a new one is created. See #43473.

II. Create guidelines for plugins on how to get GDPR compliant

This should be a chapter on privacy in the plugins handbook. Needs text.

III. Add tools to core to facilitate compliance, and privacy in general

There are several plugins that are implementing similar tools. It would be great if the plugin authors participate/contribute to core to include the base tools, so we don’t double the efforts.

These tools will require a confirmation of the email of the person that requests an action, see #43443 (first version is already committed). When a confirmed request is received, the site owner will perform the action.

This could be done automatically. However deleting and anonymizing will be non-reversible. In this case it’s better if the site owners perform the actions themselves, after additional confirmation if required.

There will be two main tools:

  • To export all personal data stored on the site (by email address or user login), see #43438, #43440, #43547, #43547.
  • To delete all personal data and anonymize published/public content (like posts, comments, etc.), see #43637.

Note that registered users (“author” and above) have access to almost all of their personal data on the User Profile screen. They also have access to all posts and comments they have made on the site, and can edit or delete them. Site owners should deal mostly with requests from “contributor” level users and people that have commented on the site.

Couple of tasks can be performed in core without additional tools. For example a registered user’s account can be deleted and all of their posts can either be deleted or reassigned to another (already created) user account. This is sufficient for anonymizing a user account if there are no plugins that store private user data outside user_meta. Also, admins can search for and delete a specific user’s comments.

However having a specialized tools will enable plugins to hook into the performed actions and do their share. This is critical as many of the top 100 plugins seem to store at least some private user data.

IV. Add documentation/help for site owners on how to use these tools

The documentation should be on the new Tools => Privacy screen. Alternatively we can add only a very brief explanation and link(s) to WordPress.org with more extended help. Needs text.

All GDPR related tickets can be accessed here: https://core.trac.wordpress.org/query?status=!closed&keywords=~gdpr

#gdpr-compliance, #roadmap

GDPR Compliance Chat Agenda – March 28

Agenda proposal:

  • Current status
  • Open discussion

Join us on slack at 15:00 UTC.
Open trac tickets
#gdpr-compliance, #agenda