Opened 6 weeks ago
Last modified 6 weeks ago
#7217 new defect (bug)
Plugin Directory: Auto remove zips for plugins closed more than 60 days with no activity
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Component: | Plugin Directory | Keywords: | |
| Cc: | | | |
Description
When a plugin is closed, developers are allowed to still push code to it, in the hopes that all corrections will be made.
However, a large percentage of plugins are never updated, resulting in a situation where people can (in fact) download zips of a plugin if they know how, even though no one should be using the plugin.
It would be nice if zips were auto-removed and no longer built if the following criteria are met:
- The plugin is closed for at least 60 days
- There have been no code-changes for at least 60 days
OR
- There is no one with commit access to the plugin
On top of that, we should probably have a way to nuke all the files in the case of a GPL issue (i.e. if the plugin used non-GPL code, we need to ensure it cannot be downloaded and really should nuke the files, but that's a bigger headache). I think, by preventing downloads of the zip, we protect ourselves a bit more.
It will also prevent angry people who were banned from kvetching that we 'kept their code' (even though it's open source...).
Instead of removing the files, we probably just want to limit access to them instead.
We could introduce a new post_meta along the lines of `unavailable` which if true/unset/etc would deny access to the ZIP. That would mean that if the plugin is re-enabled, the previous ZIPs would become available again without needing to be rebuilt (which is important, if we care about file signatures or something).
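A sketch of the two ideas in this ticket, the 60-day criteria and the flag that gates downloads without deleting files. It is an added example, not code from the ticket or from the Plugin Directory. Assumptions: every function name and array key is hypothetical, the criteria are read as (closed at least 60 days AND no commits for at least 60 days) OR no committers, a true flag denies access, and a denied download is answered with 404.

```php
<?php
// Added illustration; all names here are hypothetical, not WordPress.org code.
const INACTIVITY_DAYS = 60;

/**
 * Decide whether a plugin's ZIPs should be flagged unavailable.
 * Assumed reading of the ticket: (closed >= 60 days AND no commits >= 60 days)
 * OR nobody has commit access. Only closed plugins are ever flagged.
 */
function zips_should_be_unavailable(array $plugin, DateTimeImmutable $now): bool
{
    if ($plugin['status'] !== 'closed') {
        return false; // open or re-opened plugins keep their ZIPs
    }
    if (count($plugin['committers']) === 0) {
        return true; // nobody is left who could push a fix
    }
    $cutoff      = $now->modify('-' . INACTIVITY_DAYS . ' days');
    $closed      = new DateTimeImmutable($plugin['closed_at']);
    $last_commit = new DateTimeImmutable($plugin['last_commit_at']);
    return $closed <= $cutoff && $last_commit <= $cutoff;
}

/** Gate a download on the flag only; the stored ZIP is never touched. */
function zip_response_code(array $meta): int
{
    return !empty($meta['unavailable']) ? 404 : 200; // 404 is an assumption
}

// Constructed sample data.
$now = new DateTimeImmutable('2023-09-01T00:00:00Z');
$plugins = [
    'stale'       => ['status' => 'closed', 'closed_at' => '2023-06-01',
                      'last_commit_at' => '2023-05-20', 'committers' => ['alice']],
    'being-fixed' => ['status' => 'closed', 'closed_at' => '2023-06-01',
                      'last_commit_at' => '2023-08-25', 'committers' => ['bob']],
    'orphaned'    => ['status' => 'closed', 'closed_at' => '2023-08-20',
                      'last_commit_at' => '2023-08-19', 'committers' => []],
];
// A re-opened copy of 'stale': the flag clears and the old ZIP is served again.
$plugins['stale-reopened'] = ['status' => 'publish'] + $plugins['stale'];

foreach ($plugins as $slug => $plugin) {
    $meta = ['unavailable' => zips_should_be_unavailable($plugin, $now)];
    printf("%-15s %d\n", $slug, zip_response_code($meta));
}
```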