RFC: Write GPL compliant plugin called Secure Custom Fields #9

Open
jjaybrown opened this issue Dec 2, 2024 · 4 comments

@jjaybrown

jjaybrown commented Dec 2, 2024

Overview

This suggests an implementation for a custom fields solution that respects both the GPL license requirements and ethical considerations in relation to WordPress and existing solutions like Advanced Custom Fields (ACF).

License Compliance

Our implementation acknowledges WordPress's GPL v2 license requirements. As WordPress is GPL-licensed software, any derivative works, including plugins that integrate deeply with WordPress core functionality, must also be GPL-compatible.

  • All code is original work, written from scratch
  • No code has been copied from ACF or other existing solutions
  • Maintains GPL v2 license compliance throughout the codebase

Ethical Considerations

This implementation adheres to ethical development practices:

  • Independent development without reverse engineering of existing solutions
  • Proper attribution where third-party libraries are used
  • Clean room implementation of features
  • Respect for intellectual property rights while maintaining open source principles

Technical Implementation

Our secure-custom-fields solution:

  • Uses WordPress core APIs and hooks appropriately
  • Implements its own unique approach to field management
  • Includes original security measures and data validation
  • Features custom UI/UX designed from the ground up

Security Measures

The implementation includes robust security features:

  • Data sanitization and validation
  • Nonce verification for all operations
  • Capability checking for user actions
  • Secure data storage practices

Testing

The code has been thoroughly tested for:

  • WordPress coding standards compliance
  • Security vulnerabilities
  • Performance impact
  • Compatibility with different WordPress versions

Documentation

Full documentation is provided including:

  • Code comments following WordPress standards
  • Installation and usage instructions
  • API documentation for developers
  • License notices and attributions
@kraftbj
Collaborator

kraftbj commented Dec 9, 2024

Thank you for writing this up and I appreciate the thought and consideration here. IMO, in an ideal space, such a solution would live in Core rather than as a separate plugin, even if it is behind some constant (e.g. multisite). In the Site Editor world, there is quite a bit that people could build without any plugins if they could register their own post types and meta fields, then use the site editor to add template items as needed.

Some of the points above are out of the scope of my station, though I think many are very attainable.

@petertwise

Seems like the main point of this ticket is to try and be a thorough, positive and constructive way of saying that - from at least an ethical standpoint, and probably also a legal standpoint - this should be the approach taken instead of just posting ACF Pro with the licensing code ripped out as has been done with this repo, which is clearly being done with a vindictive spirit given the current relationship between two organizations whose names I won't mention here.

@jonolds

This comment has been minimized.

@jjaybrown
Author

@kraftbj you're a busy little beaver today! Keeping 👀 on to make sure that "Defendants’ officers, agents, servants, employees, and attorneys, and other persons who are in active concert or participation with them" are complying with the orders that The Honorable Judge Martinez-Olguin gave them. Noticing you deleted some branches after you merged- I hope you're meeting your document preservation legal obligations, too! 😁

Not what moves us forward. Please keep discussion clear on making a meaningful change.
