Hari Shanker R 8:11 pm on May 17, 2023
Tags: make.wordpress.org/project,   

X-post: WordPress Contributor Mentorship Program: Pilot Program Proposal

X-comment from +make.wordpress.org/project: Comment on WordPress Contributor Mentorship Program: Pilot Program Proposal

Ipstenu (Mika Epstein) 3:24 pm on May 17, 2023
Tags: , onboarding, update   

Plugin Review Team Update

tl;dr An update on the team which is a lot of onboarding, making tools work for multiple people at once, and more documentation than you can shake a stick at.

As much of the WordPress community knows by now, I will be stepping down soon, after over a dozen years (wow) of being part of the PluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party Review Team, including ten years as team repTeam Rep A Team Rep is a person who represents the Make WordPress team to the rest of the project, make sure issues are raised and addressed as needed, and coordinates cross-team efforts..

During this transitional period, the Plugin Review team has been working on onboarding new members – and at the same time, on documenting the onboarding process itself. 

New team members

Given the need for the new team members to get up and running relatively quickly, the plugin review team invited contributors who have experience with plugins and code to join the team, thanks to recommendations from many community members. These contributors were vetted for good standing in the WordPress project, confirmed that they had the required skill set to review plugins and would respect the required level of security and confidentiality needed, and agreed to help refine the onboarding process to the Plugin Review team. 

There are now five new plugin team members at various stages of the onboarding process. Since the team is still in transition, we wanted to give people a chance to finish their onboarding and decide if the Plugin Review team is a good fit for them. This will avoid putting volunteers in the spotlight before they commit to this important and challenging role. 

Once plugin team members are fully onboarded, their names will be shared in the Plugin Review handbook.  

Documentation and onboarding 

The current team, alongside new members, has been collaboratively reviewing all existing public and private plugin documentation, making sure everything is clear, filling in any gaps that exist, and adding information about undocumented tools and processes.

At the same time, the team compiled an onboarding checklist, which is being used to help new members get up and running. While the first new team members go through the onboarding process and start handling initial tasks – such as looking at the bounced emails queue and reviewing their first plugins – they will also help to improve  the onboarding checklist and process documentation. Their experience will be very valuable in paving the path for future team members, making it easier to expand the team and delegate tasks more efficiently.

Tooling 

In addition to training new members, documenting processes, and developing a sustainable onboarding plan, folks from the MetaMeta Meta is a term that refers to the inside workings of a group. For us, this is the team that works on internal WordPress sites like WordCamp Central and Make WordPress. team have been working on tooling enhancements to help make plugin reviews more efficient and “portable.” For example, the home-grown scanner script that’s been used by me until now is being converted to a flexible web-based version, which will be simpler to maintain for multiple reviewers.

Other enhancements include:

Next steps

The Plugin Review team is focused on making the onboarding process smooth, documenting its workflows, improving its collaboration tools, and helping new members get familiar with all the necessary tasks.

We hope that all these improvements in tools and workflows will make it easier to recruit more people and scale up the team. This should in turn reduce the time plugin authors need to wait to have their plugins reviewed and approved.

So, what’s next?

Once the team is ready, we’ll make another post to announce the new members, propose a plan for vetting and onboarding additional members in the future, and open applications to join the team.

Massive thanks to the following people, who helped write this post: @angelasjin, @mrfoxtalbot, @sereedmedia, and @zoonini.

#notice, #onboarding, #update

Jonathan Desrosiers 1:16 pm on April 19, 2023
Tags: ,   

X-post: Cultivating More Effective Contributing on Contributor Days

X-comment from +make.wordpress.org/community: Comment on Cultivating More Effective Contributing on Contributor Days

Ipstenu (Mika Epstein) 11:24 pm on March 21, 2023
Tags: ,   

Use of Code Generators Must Remain GPL Compatible

tl;dr – If you use a tool to generate code (be that a website that generates settings pages, or something complex like an AI to build the whole pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party), remember that YOU are responsible for licensing.

All code hosted on WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ has to be GPLGPL GPL is an acronym for GNU Public License. It is the standard license WordPress uses for Open Source licensing https://wordpress.org/about/license/. The GPL is a ‘copyleft’ license https://www.gnu.org/licenses/copyleft.en.html. This means that derivative work can only be distributed under the same license terms. This is in distinction to permissive free software licenses, of which the BSD license and the MIT License are widely used examples. Compatible. This is not in doubt. More and more people are using tools to build code for them, based on bare-bones input. With the advent of ChatGPT, this has become more popular.

To be clear here: There is no guideline AGAINST using generated code.

You’re welcome to use whatever tool you want to build plugins. That said, you are 100% responsible for that code if you chose to host it here. This is not a change to any guideline, merely a reminder that if you claim it’s your code, you are responsible for it.

But the important bit here is that if means if ChatGPT, for example, built your plugin, you have to verify that all the code used is GPL compatible. Just like you are expected to validate licenses on libraries and code-snippets, everything in your plugin has to be GPL compatible. Should we determine that your code is a copy of someone else’s or includes code from non-GPL plugins, your submission will be rejected and any live plugins will be closed.

Sadly this has already become a small issue, as people asked an AI to build a ‘scroll to top’ plugin and it literally copied code from another, existing, plugin hosted on WordPress.org. Actually five times. And they were all rejected since it was pretty obvious.

Now before someone asks, yes it’s fine to fork code. You have to credit them, however, and that’s something those AIs have been pretty bad at doing. Also remember that the AI can tell you how to submit a plugin and be wrong. And by wrong I mean totally, 100%, that was really some bad advice someone got wrong. Make sure you double check. Robots won’t take our jobs yet.

If you submit code, it’s your responsibility. Nothing’s changed.

#guidelines, #reminder

Ipstenu (Mika Epstein) 11:00 am on March 10, 2023
Tags: ,   

Advance Notice of Retirement

tl;dr: I will be stepping down from pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party reviews by 1 July, 2023.

I will be stepping down from plugin reviews this year. I have been a part of this team for over a decade (and the rep for the majority of the time) and recognize a departure like this can be confusing, and could cause people jump to a whole lot of assumptions about the why.

This is a personal decision and has nothing to do with my passion for WordPress. It is a 100% personal, non-WordPress related, decision I made long ago (I told the team in July ’22). Suffice to say there is life ‘stuff’ going on and I cannot devote the time I once could to plugin reviews.

Many people have noticed and complained, with varying degrees of empathy, about the sudden uptick in delays with reviews (be they new plugins or security related). Those delays are directly related to that ‘stuff’ going on. I simply am not available as much as I was, and out of fairness to myself and the community, it’s time for me to retire from plugins.

We’re trying to figure out an onboarding doc, some demo plugins to help people test, getting people in a place where they can fill in the gaps. But this is not a fast process. We’ve actually never had real onboarding (I was thrown into the fire when I stepped in), and it’s going to be a challenge get a team to the place where they have as much weird plugin knowledge and gotchas as I have from my 10 years of experience.

There will absolutely be a learning curve for the people who step in after me. Things will be missed, things will be confusing, and mistakes will happen. I ask everyone be kind and patient.

I understand it became a one-woman show and I apologize for not asking for help and stepping down sooner before it became a crisis. At that point, it was impossible to set up a flag for help without causing these kinds of delays. But things like this happen out of your control, even when you plan. None of us expected the world to spiral like it did in 2019/20.

What’s next for me and WordPress? Writing and managing my plugins, developing code, and being around for some questions. I won’t vanish in the night, but after a decade? I think it will be good for us all to have someone fresh in there.

Some quick answers:

  • I’m not sick or dying.
  • We don’t have an announcement of the new rep.
  • We are still working on onboarding and figuring that out.
  • We have reached out to people and they are actively being onboarded right now.

So again, I ask we all please be patient with all the changes coming. Once we sort out onboarding, we hope to be able to invite even more people, just like you, to the team!

#announcement, #team-reps

Jonathan Bossenger 12:59 pm on March 8, 2023
Tags: ,   

X-post: Introduction to WordPress Development: A proposed learning path

X-comment from +make.wordpress.org/training: Comment on Introduction to WordPress Development: A proposed learning path

Julia Golomb 1:02 am on February 8, 2023
Tags: ,   

X-post: Apply to Attend the 2023 Community Summit

X-comment from +make.wordpress.org/community: Comment on Apply to Attend the 2023 Community Summit

Sam Suresh 3:01 pm on February 6, 2023
Tags: ,   

X-post: Community Booth at WordCamp Asia 2023

X-post from +make.wordpress.org/community: Community Booth at WordCamp Asia 2023

Ipstenu (Mika Epstein) 8:15 pm on February 3, 2023
Tags: , twitter   

Twitter API Changes

tl;dr: Twitter will begin charging for APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways. access, possibly as early as the 9th of February. If your pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party integrates with the API (be it v1.1 or v2), PLEASE make sure you look into the changes and how they might impact you!

Yesterday Twitter announced it will be charging for access to the API.

Estimated cost is ~$100/month, with a requirement of a valid ID, however there is no information yet as to how much traffic that entails. Since information is not going to be provided until next week (giving everyone a whopping max 3 days to figure this out), I wanted to make sure everyone was as notified as can be.

This will likely impact:

  • Auto-posting
  • Login with Twitter
  • Analytics
  • Management Tools
  • Scripted Interactions (auto-blocking etc)

Access to search is already a pay-only service.

If your plugin (or the related service) does any of those, you will have to investigate if this change impacts you. If you are impacted, you will need to update (or close) your plugin accordingly. I know a lot of free plugins will have some hard choices to make here.

For plugin users, if a plugin suddenly breaks on/around the 9th, please be generous and kind to the developers. They really got blindsided by this, and it’s a lot to sort out in a short amount of time.

#api, #twitter

Ipstenu (Mika Epstein) 5:28 pm on January 13, 2023
Tags: community support   

Looking for your (intentionally) wrong plugins

tl;dr: Do you have demo plugins that are dangerous on purpose? We want to see them!

One of the behind-the-scenes steps going on right now is figuring out HOW to onboard and make sure people are good at looking through plugins, finding the security/guideline issues, and can explain what they are and why they’re bad. While most of the explanation we have covered in pre-defined replies, you should know why something is wrong 🙂

In order to do this, we need some intentionally busted plugins so people can get experience in looking for ‘wrong’ in a safe situation.

By ‘wrong’ I mean…

  • Plugins that don’t sanitize/escape
  • Shortcodes not checking for validity/security
  • SQL prepare() issues
  • Using script tags instead of wp_enqueue()
  • Using curl/file_remote_get instead of the HTTPHTTP HTTP is an acronym for Hyper Text Transfer Protocol. HTTP is the underlying protocol used by the World Wide Web and this protocol defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways.
  • Trademarks (Starting your pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party name with “Microsoft” for example)

This is an incomplete list. I doubt anyone can make a plugin with 100% of all the things we look for since that changes nearly every day as people come up with new and inventive ways to be dangerous. Of course if you can, I’d love to see that too!

While we certainly can use some submitted/closed plugins for this, it would be nice to have a set of “These are some busted plugins to practice on”

I know some of you are clever folks and have things like that for fun, and right now, we want to see them! Email them (either zip or link to your repo) to plugins@wordpress.org with the subject “Demo Plugin for Reviewers” (we make heavy use of email filtering, so that subject is important!).

#community-support