FreeScout for WordCamp events

A proposal/idea was put forward from the WordCamp community for us to provide a shared open-source FreeScout instance, in addition to GSuite accounts, rather than every event which wishes to use it setting it up themselves.

Using HelpScout for these is not currently viable due to the cost of provisioning accounts for all events, although larger events may already budget for it themselves (Such as WCUS, WCAsia uses a self-hosted FreeScout instance).

Before any further investigation is put in from our side, I’d like input from Systems on whether this is something that we can provide on our infrastructure, if there are any security concerns, or if this is something we should look at hosting outside of the primary WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ infrastructure/domains.

Ideally, we’d probably want to host it on a wordcamp.org subdomain, but wordpress.net, or a new domain such as wordcamp-email.com wouldn’t be out of the question.
Authentication would likely be handled through WordPress.org/WordCamp.org, rather than duplicate accounts. We could potentially limit all access to the host with an authentication check that requires a WordCamp.org role, limiting any potential security aspects to those we trust to have WordCampWordCamp WordCamps are casual, locally-organized conferences covering everything related to WordPress. They're one of the places where the WordPress community comes together to teach one another what they’ve learned throughout the year and share the joy. Learn more. access.

FreeScout would require an often-run cron task (PHPPHP PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. http://php.net/manual/en/intro-whatis.php. CLICLI Command Line Interface. Terminal (Bash) in Mac, Command Prompt in Windows, or WP-CLI for WordPress.), php (with IMAP), and mysqlMySQL MySQL is a relational database management system. A database is a structured collection of data where content, configuration and other options are stored. https://www.mysql.com/..

Email ingestion would be similar to how SupportPress/SupportFlow used to work, the cron task uses IMAP to poll the accounts. This could become problematic if we have a lot of inboxes provisioned. It remains to be seen if this is viable with how Google Inboxes are configured as to how IMAP access works.
Email sending would either be direct from the host, via Google SMTP, or via WordPress.org SMTP.

Ongoing maintenance, such as software upgrades, would likely need to be handled by the WordCamp development team. Systems involvement would hopefully be minimal.

This isn’t intended on replacing our usage of HelpScout, unless it proved to be as stable and feature-complete, then that may be looked at later on.

#email #freescout #wordcamp-org #feedback #prio3

Sandbox for danielbachhuber Could I…

Sandbox for danielbachhuber

Could I get a sandbox again, for making changes to make.wordpress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org//cli (e.g. #6394)?

Thanks for the consideration!

#prio3

Helpscout cannot email to @wordpress.org…

Helpscout cannot email to wordpress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ from wordpress.org

Occasionally there’s the need for Helpscout inboxes, which are @wordpress.org inboxes to send emails to other @wordpress.org email addresses, these might be just CC’ing a given WordPress.org user, or forwarding an email to a different Helpscout instance.

Unfortunately, it appears that this is currently blocked by the WordPress.org SMTP servers. Can we allow HelpScout to send-as wordpress.org to WordPress.org?

The relevant part from the bounce is: (noting, I’ve replaced the inboxes for spam purposes, dpo is the sender, and recipient was security in this case)

Final-Recipient: rfc822;mailbox-here@wordpresss.org
Action: failed
Status: 5.7.1 (delivery not authorized)
Remote-MTA: dns;mail.wordpress.org (198.143.164.147)
Diagnostic-Code: smtp;554 5.7.1 <helpscout-inbox@wordpress.org>: Sender address rejected: Access denied
X-PowerMTA-BounceCategory: invalid-sender

The bounce email is available here: https://secure.helpscout.net/conversation/1966354976/301771 and stored in the private PasteBin as #184485 with ID of 2d0a5. (Alternatively, ask a Neso team member for a copy of the email if you’re unable to locate that and unable to locate the HS credentials)

#mail #helpscout #prio3

Grant dotorg trac access for Brandon Kraft

Following on from https://make.wordpress.org/systems/2022/04/11/commit-for-images-core-emoji-could-i/ can we please add kraftbj to the dotorg tracTrac Trac is the place where contributors create issues for bugs or feature requests much like GitHub.https://core.trac.wordpress.org/. allowed users list?

Thanks in advance.

#trac #prio3

Enable sub-sites for developer.wordpress.org

The developer.wordpress.org host configuration doesn’t support sub-sites right now, this is due to nginxNGINX NGINX is open source software for web serving, reverse proxying, caching, load balancing, media streaming, and more. It started out as a web server designed for maximum performance and stability. In addition to its HTTP server capabilities, NGINX can also function as a proxy server for email (IMAP, POP3, and SMTP) and a reverse proxy and load balancer for HTTP, TCP, and UDP servers. https://www.nginx.com/. rules such as rewrite ^/(wp-(admin|includes)/.*) /wordpress/$1 break; rather than the sub-site variant of rewrite ^/([_0-9a-zA-Z-]+/)?(wp-(admin|includes)/.*) /wordpress/$2 break;.

While the existing developer.wordpress.org configuration could be updated to match that of the make.wordpress.org configuration, we can just combine them, serving both networks from the existing make.wordpress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ configuration, with the addition of the developer.wordpress.org domain name in the server_name field. There’s nothing special/unique in either configuration, other than generic WordPress MultisiteMultisite Multisite is a WordPress feature which allows users to create a network of sites on a single WordPress installation. Available since WordPress version 3.0, Multisite is a continuation of WPMU or WordPress Multiuser project. WordPress MultiUser project was discontinued and its features were included into WordPress core.https://codex.wordpress.org/Create_A_Network. rules.

A working sub-site configuration would return 200 for this request:

$ curl -sI https://developer.wordpress.org/testing-subsites/wp-includes/css/dashicons.min.css
HTTP/2 404
..

#prio3 #devhub #nginx

CORS headers for s.w.org

Would it be possible to enable CORS headers on s.w.org?
A number of CSSCSS CSS is an acronym for cascading style sheets. This is what controls the design or look and feel of a site./JS features require accessing images/svg/fonts via a fetch request, and currently they’ll be blocked due to a cross-origin request. That means we can’t serve svgs, fonts, and some CSS/JS files from the s.w.org CDN and instead use wordpress.org.

I assume these headers would suffice, which conveniently matches s0.wp.com‘s headers, so I assume would be safe for us to do.

access-control-allow-methods: GET, HEAD
access-control-allow-origin: *

If we need to limit it to certain filetypes, images (.svg, .png, .jpg), fonts (.woff2 .woff, .ttf, .eot) and styles/scripts (.css, .js) would probably suffice, but I don’t think there’s any security requirement to do so given the contents of this CDN are static non-cookied non-modifying responses?

Existing cached assets should be fine to be left as-is without the headerHeader The header of your site is typically the first thing people will experience. The masthead or header art located across the top of your page is part of the look and feel of your website. It can influence a visitor’s opinion about your content and you/ your organization’s brand. It may also look different on different screen sizes..

Let me know if there’s any questions or concerns.

#crossorigin #cdn #prio3

Disable Themes Trac browser for root index

As we do for Plugins Trac, can we redirect `https://themes.trac.wordpress.org/browser/?$` to wordpress.org/themes/ ?

Due to the number of themes, TracTrac Trac is the place where contributors create issues for bugs or feature requests much like GitHub.https://core.trac.wordpress.org/./nginxNGINX NGINX is open source software for web serving, reverse proxying, caching, load balancing, media streaming, and more. It started out as a web server designed for maximum performance and stability. In addition to its HTTP server capabilities, NGINX can also function as a proxy server for email (IMAP, POP3, and SMTP) and a reverse proxy and load balancer for HTTP, TCP, and UDP servers. https://www.nginx.com/. 502’s (Apparently it previous crashed trac, unsure what it’s doing now other than timing out) and the upstream trac issue hasn’t been touched in years.

Diff, as per plugins.trac.wordpress.org.

--- trac.wordpress.org.conf  (revision xxxxxxx)
+++ trac.wordpress.org.conf (working copy)
@@ -341,0 +342,5 @@ server_name themes.trac.wordpress.org;
+   # Too many themes, page doesn't load.  Instead just crashes trac
+   location ~ ^/browser/?$ {
+       return 302 https://wordpress.org/themes/;
+   }
+

ref: https://meta.trac.wordpress.org/ticket/4861

#prio3

Remove bad plugins SVN tag

It looks like someone managed to create a svn tag with a character return in it over a year ago, unfortunately however this tag can’t be removed, and as a result, the tag list for the pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party can’t be checked out without causing SVNSVN Apache Subversion (often abbreviated SVN, after its command name svn) is a software versioning and revision control system. Software developers use Subversion to maintain current and historical versions of files such as source code, web pages, and documentation. Its goal is to be a mostly compatible successor to the widely used Concurrent Versions System (CVS). WordPress core and the wordpress.org released code are all centrally managed through SVN. https://subversion.apache.org/. to go into a 100% cpu loopLoop The Loop is PHP code used by WordPress to display posts. Using The Loop, WordPress processes each post to be displayed on the current page, and formats it according to how it matches specified criteria within The Loop tags. Any HTML or PHP code in the Loop will be processed on each post. https://codex.wordpress.org/The_Loop..

It looks like the request is being denied by nginxNGINX NGINX is open source software for web serving, reverse proxying, caching, load balancing, media streaming, and more. It started out as a web server designed for maximum performance and stability. In addition to its HTTP server capabilities, NGINX can also function as a proxy server for email (IMAP, POP3, and SMTP) and a reverse proxy and load balancer for HTTP, TCP, and UDP servers. https://www.nginx.com/. prior to the request hitting ApacheApache Apache is the most widely used web server software. Developed and maintained by Apache Software Foundation. Apache is an Open Source software available for free., so if a systems team member could bypass nginx and execute svn rm https://plugins.svn.wordpress.org/blogger-to-wordpress-redirection/tags/2.2.6%0d/ that would be appreciated.

This tag will also cause problems for the plugin directory, as it uses the CLICLI Command Line Interface. Terminal (Bash) in Mac, Command Prompt in Windows, or WP-CLI for WordPress. SVN commands to interact with the plugin as well.

ref: https://wordpress.slack.com/archives/C02RQC6RW/p1609928527429400

#prio3

Sandbox out of disk space

Hi, I’m not able to run the ip2location update script, because I’m out of disk space. Part of the reason for that is I have 2gb of Xdebug trace.* files in my temp folder, but I can’t delete them because of permissions.

I’ve already run svn cleanup --include-externals on the main codebases.

A short term fix might be to just delete those files for me, but long term it’d be nice to be able to delete them myself.

Regardless of that, though, several of us frequently run out of space, so it feels like the margins are too tight. Increasing the allocation for everyone might solve the deeper problem?

#prio3

Can we please enable SSL for lists.wordpress.org?

Currently the domain isn’t accessible over SSLSSL Secure Socket Layer - Encryption from the server to the browser and back. Prevents prying eyes from seeing what you are sending between your browser and the server., and it’s not uncommon for links to be SSL’d or for browsers to force SSL.

ref: https://meta.trac.wordpress.org/ticket/629

#ssl #prio3