My plugin removed from WP.org extend directory

**Ryan** · 01-15-2010, 12:10 AM

Originally Posted by aldenml

Is this an artificial restriction? I don't think GPL is the problem

It is a restriction. There is no point in having direct rips of another plugin in there. It just creates clutter.

From a cursory glance I can't tell if you have improved the plugin or made it worse. At the very least, it doesn't look like you changed much, so that might have something to do with why it has been rejected. I don't really know for sure though.

**aldenml** · 01-15-2010, 12:22 AM

As a programmer, I can tell you that the plugin has a lot of changes, mostly in the source code. I have plans to gradually change all the code towards a more academic plugin. My objective is not widespread adoption or compatibility. Considering that this plugin is a very new fork, how they can argue that it is a direct rip?

The visual part is almost identical, except that the original is full of XHTML errors, mine is XHTML 1.1 valid. All the marketing stuff is gone.

I understand the restriction, but is it not logical at least send me a notification?

**aldenml** · 01-15-2010, 09:14 AM

Hi Ryan,

I was thinking about your argument about the possibility of being pulled out by similarity. Well, I found this plugin Platinum SEO http://wordpress.org/extend/plugins/platinum-seo-pack/.

The source code is almost identical. The user interface is tag coded in the same way (with a lot of XHTML errors by the way). The stats:

Created in: 2008-06-24
All time downloads: 188,223

I have a few concerns about this situation.

I sent an email to plugins@wordpress.org and to WP hackers mail list. Hopefully somebody will reply to me.

**Jeffro** · 01-15-2010, 10:17 AM

You can also go into the WordPress.com IRC channel #wordpress.com and speak with MarkR who handles the plugin repository side of things to see if you can chat in real time about your situation.

**conorp** · 01-15-2010, 10:28 AM

Originally Posted by Jeffro

You can also go into the WordPress.com IRC channel #wordpress.com and speak with MarkR who handles the plugin repository side of things to see if you can chat in real time about your situation.

Great idea!

You could also get his attention through Twitter.

**aldenml** · 01-15-2010, 10:13 PM

Thanks Jeffro, conorp. I will do IRC and twitter as well.

**Len** · 01-16-2010, 09:09 AM

After reading through this entire thread I'm left feeling very curious. Keep us updated aldenml.

**aldenml** · 01-16-2010, 09:33 AM

Hi Len, here it is the update. Jeffro, thanks for point me the right contact on the IRC. MarkR, thanks for your time.

Finally, I got some clarification. Unfortunately, It was not a happy one. I will post the IRC chat log at the end if you want the details. The reason the plugin was pulled out from the extend dir was a "security concern".

Some unknown "trusted PHP developer" person said that I was learning PHP and basically that I didn't know what I was doing. The advice was: "posting to the wordpress.org forums or the hackers list for advice and to get more eyes checking and helping secure it". I was not able to know who is this person.

I took some time to think about it. It's pretty easy for a hidden entity raise a security issue without giving any insight about the real problem. This is very common in the Enterprise-Business area but not for an Open Source Community Driven Development like WordPress and the plugin world.

Frankly, I don't think the WP.org forum and the hacker mailing list is the right place for advanced programming issues like the involved in this case.

I really appreciate if anyone in this forum can provide me with the name (and the contact) of some another trusted PHP developer. I will be more than happy to recognize the problem and fix it by my self.

Thanks.

IRC chat log:

<aldenml> I need to discuss a situation regarding my plugin pulled out from the extend dir
<markr> aldenml hi
<aldenml> hi markr
<markr> hat was the plugin name?
<aldenml> Light SEO : http://wordpress.org/extend/plugins/light-seo
<markr> http://wordpress.org/extend/plugins/light-seo/ too? Apparently the guy is learning PHP and has removed fairly important bits!
<markr> so you need to take some php advice and completely secure the plugin
<aldenml> hmm...well, I'm not learning PHP
<aldenml> how can you judge about it?
<markr> the person who said that knows a whole lot of php so their advice is trusted
<aldenml> it this a condition to be included in the public extend?
<markr> safety? good grief yes
<markr> we can't host unsafe plugins
<markr> if we find them they are removed immediately
<aldenml> well, but are you basing your decision in only one person's criteria?
<markr> yes, but as that person is a WordPress developer I trust them.
<aldenml> I underestand you
<aldenml> How I can fix the issue, if any at all?
<aldenml> I don't have any notice, advice
<markr> I would suggest posting to the wordpress.org forums or the hackers list for advice and to get more eyes checking and helping secure it. I can't give direct advice though, sorry.
<aldenml> Could I contact the WP developer?
<markr> they don't provide such support, sorry. Your best bet is the forums/hackers list or probably any php forum
<aldenml> I know, but I think this is a particular situation
<aldenml> I will not ask him about PHP or plugin developing
<aldenml> I will ask him about how hi can make such judment
<markr> they won't do this. You started with a safe plugin, you changed it to unsafe. That's where you need to go back to.
<markr> the judgement is made from experience
<aldenml> so, If a revert the plugin to the previous state
<aldenml> I will be included again?
<markr> but the previous state is the same as what?
<aldenml> the first version is the same AISEOP, with a lot of fixes
<aldenml> cos, AISEOP has a lot of performance and xhtml issues
<markr> all I can advise is you seek assurances elsewhere from others that your plugin is safe. I cannot help with that.
<aldenml> ok, I underestand
<aldenml> Not able to know the WP dev identity, is it a security/privacy concern?
<markr> no, but they won't help
<aldenml> I think, it will be a good starting point, to seek for assurance
<aldenml> If the WP dev don't want to help me, well, that will be another story
<markr> I have said they do not have time to help. So if I tell you then you will ask them for help. Please seek the advice I have recommended.

**chipbennett** · 01-16-2010, 09:51 AM

Originally Posted by aldenml

Hi Len, here it is the update. Jeffro, thanks for point me the right contact on the IRC. MarkR, thanks for your time.

Finally, I got some clarification. Unfortunately, It was not a happy one. I will post the IRC chat log at the end if you want the details. The reason the plugin was pulled out from the extend dir was a "security concern".

Some unknown "trusted PHP developer" person said that I was learning PHP and basically that I didn't know what I was doing. The advice was: "posting to the wordpress.org forums or the hackers list for advice and to get more eyes checking and helping secure it". I was not able to know who is this person.

I took some time to think about it. It's pretty easy for a hidden entity raise a security issue without giving any insight about the real problem. This is very common in the Enterprise-Business area but not for an Open Source Community Driven Development like WordPress and the plugin world.

Frankly, I don't think the WP.org forum and the hacker mailing list is the right place for advanced programming issues like the involved in this case.

I really appreciate if anyone in this forum can provide me with the name (and the contact) of some another trusted PHP developer. I will be more than happy to recognize the problem and fix it by my self.

Thanks.

IRC chat log:

<aldenml> I need to discuss a situation regarding my plugin pulled out from the extend dir
<markr> aldenml hi
<aldenml> hi markr
<markr> hat was the plugin name?
<aldenml> Light SEO : http://wordpress.org/extend/plugins/light-seo
<markr> http://wordpress.org/extend/plugins/light-seo/ too? Apparently the guy is learning PHP and has removed fairly important bits!
<markr> so you need to take some php advice and completely secure the plugin
<aldenml> hmm...well, I'm not learning PHP
<aldenml> how can you judge about it?
<markr> the person who said that knows a whole lot of php so their advice is trusted
<aldenml> it this a condition to be included in the public extend?
<markr> safety? good grief yes
<markr> we can't host unsafe plugins
<markr> if we find them they are removed immediately
<aldenml> well, but are you basing your decision in only one person's criteria?
<markr> yes, but as that person is a WordPress developer I trust them.
<aldenml> I underestand you
<aldenml> How I can fix the issue, if any at all?
<aldenml> I don't have any notice, advice
<markr> I would suggest posting to the wordpress.org forums or the hackers list for advice and to get more eyes checking and helping secure it. I can't give direct advice though, sorry.
<aldenml> Could I contact the WP developer?
<markr> they don't provide such support, sorry. Your best bet is the forums/hackers list or probably any php forum
<aldenml> I know, but I think this is a particular situation
<aldenml> I will not ask him about PHP or plugin developing
<aldenml> I will ask him about how hi can make such judment
<markr> they won't do this. You started with a safe plugin, you changed it to unsafe. That's where you need to go back to.
<markr> the judgement is made from experience
<aldenml> so, If a revert the plugin to the previous state
<aldenml> I will be included again?
<markr> but the previous state is the same as what?
<aldenml> the first version is the same AISEOP, with a lot of fixes
<aldenml> cos, AISEOP has a lot of performance and xhtml issues
<markr> all I can advise is you seek assurances elsewhere from others that your plugin is safe. I cannot help with that.
<aldenml> ok, I underestand
<aldenml> Not able to know the WP dev identity, is it a security/privacy concern?
<markr> no, but they won't help
<aldenml> I think, it will be a good starting point, to seek for assurance
<aldenml> If the WP dev don't want to help me, well, that will be another story
<markr> I have said they do not have time to help. So if I tell you then you will ask them for help. Please seek the advice I have recommended.

There are 8,000 plugins in Extend - some of which have not been updated for five years - and your fork of a formerly-free-but-now-pro plugin is the one that gets yanked for "security reasons"?

And it gets pulled without any concrete explanation of the "security concerns" posed by your plugin? And without telling you who levied the accusation of "security concerns" against your plugin?

I don't buy it. It may be legit, but it smells fishy.

You deserve to be told what the specific security allegations are, and who it is that is alleging those concerns.

If they want to clean up the Extend repo on the basis of "security concerns", I would start on Page 532 (as sorted by Recently Updated), and work their way forward.

**andreasnrb** · 01-16-2010, 10:46 AM

I'm curious about it I'll have a look later today. Don't think I'm a trusted PHP dev though =).

Thread: My plugin removed from WP.org extend directory

LinkBack

Thread Tools

Display

Posting Permissions