Upgrade Node/NPM on Build Server

Could Node please be upgraded to the latest LTS version (8.11.2), and NPM upgrade to 6.1.0?


WordCamp.org vulnerability scan

Just a heads up that our GDPR consultants are going to run a vulnerability scan on WordCamp.org on the 29th, as part of their audit. It’ll be coming from these ranges:


There’s nothing to do on our end, I just wanted to make sure y’all were aware. I’m assuming it’ll be relatively standard, automated scans, nothing too targeted, and nothing destructive.

cc @barry

Transferring wp-cli.org DNS to WordPress.org

I’d like to shut down the CloudFlare account I created for wp-cli.org. Can we have WordPress.org host DNS instead?

Notably, before the switch is made, these redirect rules would need to be replicated in some way:


Request to remove Subversion repo for old bbPress plugin

An old bbPress.org forum user made a request to remove their old bbPress 1.x generation plugin.

Their request:



This is my first time seeing anyone ask for this, so I’m not sure what’s achievable. If it’s possible and there’s a way to do it from my sandbox, I’m happy to help moderate these.


WordPress Foundation Trademarks Email + Zendesk

Currently WPF trademark emails are sent from trademarks@audrey.co, but that causes confusion since people expect them to come from the Foundation, and don’t know what Audrey is. @clickysteve would like to be able to send those emails from trademarks@wordpressfoundation.org instead, and Matt approved that.

I’m guessing that means we’ll need a full mailbox for trademarks@wordpressfoundation.org, and also a forward from that new mailbox to the existing trademarks@audrey.co address.

They use Zendesk, though, so I’m not sure exactly how that’s setup. It’s possible that it just spoofs the Sender header and relies on the SPF record to allow that, instead of authenticating via SMTP. It sounds like they just want it configured the same way that the other Zendesk accounts are.

Does that give you all the information you need to set it up?

cc @kraftbj


Setup DoAction.org

We’d like to move doaction.org onto official infrastructure. WordPress.net is probably the best place.

  • When creating it, please set it to use PHP7.
  • We’ll also need SSH access for @coreymckrill, @hlashbrooke, and myself.
  • Hugh will need commit to https://meta.svn.wordpress.org/sites/trunk/doaction.org.

After it’s setup, we’ll migrate the code and content. Once that’s done, we can transfer the domain and change DNS to point to wp.net.



Enable SSL for s.w.org on sandboxes?

Can we enable s.w.org for sandboxes? It would make debugging Trac and other resources in production easier if we could have the CDN hitting developer sandboxes instead.

As far as I can tell, The only thing that needs doing is adding the *.w.org cert to the s.w.org hostname.

Right now when sandboxing s.w.org the process requires you to load a resource, approve the invalid cert, reload the other page, and then rinse-repeat when the browser starts rejecting the cert again randomly.


The Codex /FAQ page no…

The Codex /FAQ page no longer works and instead appears to force a download of the content of the faq.php mediawiki file instead based on https://www.mediawiki.org/wiki/Topic:Sy299uk8kpikvnib

Can we add some kind of nginx rule to force mediawiki to be loaded in that scenario instead?

Ref: https://meta.trac.wordpress.org/ticket/3513

Thanks in advance.

Please update the forward of…

Please update the forward of slackinvitehelp@w….org to forum-password-resets@w…..org instead.


Please install `make` & required dependancies on sandboxes

It seems that some node modules need to compile various things, particularly libsass.

To reproduce:
cd wp-content/themes/pub/wporg
npm install

If you need the raw log output, you’ll find those in ~/.npm/_logs on my sandbox.

At least pub/wporg, pub/wporg-main, and pub/wporg-plugins currently have the same issue.