Closed dwhly closed 5 months ago
I'm going to collect here some findings and steps we need to follow.
- Understand what guidelines did we violate for the plugin to be taken down
Potential problems:
Invalid License According to the guidelines, the license must be GPL-compatible.
Plugins must be compatible with the GNU General Public License
Although any GPL-compatible license is acceptable, using the same license as WordPress — “GPLv2 or later” — is strongly recommended. All code, data, and images — anything stored in the plugin directory hosted on WordPress.org — must comply with the GPL or a GPL-Compatible license. Included third-party libraries, code, images, or otherwise, must be compatible.
This is our plugin's license https://plugins.trac.wordpress.org/browser/hypothesis/trunk/license.txt
The only current officially supported version is the last major release of WordPress. Previous major releases before this may or may not get security updates as serious exploits are discovered. Our plugin states that v3.0.1 or higher is supported.
Possible actions.
We received more information from the WordPress plugins team:
The email associated with the plugins owner's user account bounced. As such, all plugins associated with the account were closed, because we do require your email to be functional.
- Make sure the email on the user account is valid
- If the email is a group mail or mailing list, make sure it can receive email from external domains or non-members (Google changed their defaults in 2019 due to GDPR laws)
- If the email forwards, check all addresses to make sure they're valid and do not forward bounces
- If the ownership of the plugin is in doubt, let us know what accounts are supposed to have access and be the official owners so we can transfer them appropriately
- You must update the plugin readme to confirm it is compatible with the current release of WordPress. This is to ensure people can actually find your plugin.
- Perform a full security and guideline check of your own work. Look for sanitization, remote loading of content, and any other minor bug.
- Update all the code and upload it to SVN.
- Reply to this email that you are ready for a review
I'm going to close this issue as completed, as we have managed to figure out the next steps.
I created https://github.com/hypothesis/wp-hypothesis/issues/40 to do the actual work in some following sprint.
https://wordpress.org/plugins/hypothesis/
These are the WordPress plugin guidelines we are supposedly violating: https://developer.wordpress.org/plugins/wordpress-org/detailed-plugin-guidelines/