WordPress / plugin-check

A repository for the new Plugin Check plugin from the WordPress Performance and Plugins Team.
https://wordpress.org/plugins/plugin-check/
GNU General Public License v2.0

Allow legitimate use of trademarks #438

Open bluefuton opened 3 months ago

bluefuton commented 3 months ago

I help maintain the Akismet product, and we've had a user report that the plugin fails the trademarked_term test:

[Screenshot]

In this case, Automattic owns the trademark and we are permitted to use this. Would it be possible for the trademark check to take account of a list of plugins that legitimately can use the trademark?

swissspidy commented 3 months ago

Hmm it's a bit of an education/documentation issue I suppose. The trademark check is part of the plugin review category which is mostly relevant for initial plugin submission. It's not really something to test on an already published plugin. But I totally get that this causes confusion and unnecessary support burden like in your case.

Maintaining a hardcoded list somewhere is not really scalable, so perhaps we could just check if the plugin is already published in the repo and don't warn if that's the case (because then obviously it already got approved for use).

Curious to hear what others think.

bluefuton commented 3 months ago

> perhaps we could just check if the plugin is already published in the repo and don't warn if that's the case (because then obviously it already got approved for use)

That sounds like a smart solution 👍

I think people are trying Plugin Check with Akismet because it's a plugin all sites have by default, so it's the natural choice for a test run.

felixarntz commented 3 months ago

@swissspidy While I generally would agree with the sentiment of hard-coding plugins not being maintainable, I wonder how much that applies here, given that even the inclusion of the term "akismet" is plugin specific, for instance. The trademark check is all about checking "hard-coded" terms anyway, so I think hard-coding specific exceptions which are authorized to use specific terms is worth considering.

Checking for whether the plugin is already published could work, though with that I'm worried that a plugin could also change some of this data later (plugin names for instance can always be changed).

Potentially, we should hard-code authorized wordpress.org accounts rather than individual plugins, as that would simplify things. For instance, instead of hard-coding every single Woo extension, we could only hard-code their .org account, which we could get from the Contributors entry in readme.txt. WDYT?

swissspidy commented 3 months ago

The contributors list can also always be changed, so that's no guarantee either.

Since this is an edge case (people testing PCP on a plugin that exists on their site), we can probably just add a hardcoded allowlist of plugin slugs for now and then iterate later.