SPIKE: Scope bringing wordpress plugin back online

[dwhly]

https://wordpress.org/plugins/hypothesis/

These are the WordPress plugin guidelines we are supposedly violating: https://developer.wordpress.org/plugins/wordpress-org/detailed-plugin-guidelines/

[acelaya]

I'm going to collect here some findings and steps we need to follow.

1. Understand what guidelines did we violate for the plugin to be taken down
2. Once we know, solve those
3. Consider hosting plugin code in GitHub. we actually have a repo already https://github.com/hypothesis/wp-hypothesis
   Use https://github.com/10up/action-wordpress-plugin-deploy to publish the plugin in the official plugin directory.

[acelaya]

1. Understand what guidelines did we violate for the plugin to be taken down

Potential problems:

• Invalid License
  According to the guidelines, the license must be GPL-compatible.

  Plugins must be compatible with the GNU General Public License

  Although any GPL-compatible license is acceptable, using the same license as WordPress — “GPLv2 or later” — is strongly recommended. All code, data, and images — anything stored in the plugin directory hosted on WordPress.org — must comply with the GPL or a GPL-Compatible license. Included third-party libraries, code, images, or otherwise, must be compatible.

  This is our plugin's license https://plugins.trac.wordpress.org/browser/hypothesis/trunk/license.txt

• Supporting too old WordPress versions
  According to the docs, only the latest major WordPress version is actively supported. At the time of writing this, that's v6.x

  The only current officially supported version is the last major release of WordPress. Previous major releases before this may or may not get security updates as serious exploits are discovered.
  Our plugin states that v3.0.1 or higher is supported.

Possible actions.

• According to the docs, when a plugin is closed due to guideline violations, plugin owners are emailed with the reasons.
  I'm trying to find a way to contact the WordPress team, letting them know that the people owning the plugin at the time of being closed, did not own it anymore, to see if we can get the list of violations in a different way.
  EDIT: Just contacted them via plugins@wordpress.org

[acelaya]

We received more information from the WordPress plugins team:

Reason

The email associated with the plugins owner's user account bounced. As such, all plugins associated with the account were closed, because we do require your email to be functional.

What to do next

• Make sure the email on the user account is valid
• If the email is a group mail or mailing list, make sure it can receive email from external domains or non-members (Google changed their defaults in 2019 due to GDPR laws)
• If the email forwards, check all addresses to make sure they're valid and do not forward bounces
• If the ownership of the plugin is in doubt, let us know what accounts are supposed to have access and be the official owners so we can transfer them appropriately
• You must update the plugin readme to confirm it is compatible with the current release of WordPress. This is to ensure people can actually find your plugin.
• Perform a full security and guideline check of your own work. Look for sanitization, remote loading of content, and any other minor bug.
• Update all the code and upload it to SVN.
• Reply to this email that you are ready for a review

[acelaya]

I'm going to close this issue as completed, as we have managed to figure out the next steps.

I created hypothesis/wp-hypothesis#40 to do the actual work in some following sprint.