WordPress.org

Make WordPress Core

Opened 2 weeks ago

Last modified 3 days ago

#48486 new feature request

Add compliance tab to plugin repository pages on WordPress.org

Reported by: katwhite Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 5.3
Component: Plugins Keywords:
Focuses: accessibility, docs, privacy, coding-standards Cc:
PR Number:

Description

Overview

"Compliance tab" is a working title that can be amended to be less intimidating and/or more generalized.

The benefit of this tab is to provide WordPress site owners who are researching plugins with privacy, accessibility, and other information to determine if this plugin will meet their site needs prior to installation and activation.

Ideally, this information can also be used in search and filter scenarios on WordPress.org to find tools compatible with the needs of site owners.

Privacy

A privacy statement could include testing done against specific regulatory standards, and a statement of where data is transferred and stored at rest. It should also include any statements that need to be added to a site owner's privacy policy as part of using this plugin.

This could potentially leverage the privacy policy post box information currently available under Settings > Privacy, added in WordPress 4.9.6.

Accessibility

An accessibility statement could include the WCAG level that the plugin targets (A, AA, etc) and where to file any issues found.

Security

A security statement should include code standards followed, measures taken, and who to contact if you find a vulnerability.

Certifications

Any certifications that this plugin has undergone for compliance.

Change History (13)

This ticket was mentioned in Slack in #core-privacy by kat. View the logs.


2 weeks ago

This ticket was mentioned in Slack in #accessibility by kat. View the logs.


2 weeks ago

#3 @red_ninja
2 weeks ago

I think this is very good idea. Nice work privacy team.

#4 @burtrw
2 weeks ago

As a plugin author, we would love to have a standardized way to share this information and help with what we should be sharing.

The current way of adding to Settings > Privacy is hidden and only found by the average user (that won't dig through the code) after the plugin is installed and activated.

#5 @katwhite
2 weeks ago

Note: This ticket was submitted by the core-privacy team as part of WordCampUS 2019 contributor day.

#6 @Otto42
2 weeks ago

For this to happen, you would need to define the desired goals, essentially.

What does this information consist of? What would it look like?

Would it be displayed in the plugin details screen in core (example would be /wp-admin/plugin-install.php?tab=plugin-information&plugin=akismet screen)?

How it is displayed and where would be needed to define how to implement this. Once you know where you're going with it, then you'll know how to get there. :)

#7 @katwhite
2 weeks ago

@Otto42 thanks so much for the feedback. Is there a standard deliverable format for defining goals like this? Are you looking for UI mockups or suggested content for additional standard sections on thereadme.txt template?

Happy to provide whatever makes sense, but as this is my first one of these tickets, I'm not quite sure what the expected approach is for the team to articulate our ideal presentation of this information for further consideration.

#9 follow-up: @SergeyBiryukov
2 weeks ago

Hi there, welcome to WordPress Trac! Thanks for the ticket.

Just noting that this Trac is used for enhancements and bug reporting for the WordPress core software.

Any ideas, enhancements, or bug reports for WordPress.org sites, including Plugin Directory, should be submitted on https://meta.trac.wordpress.org.

#10 in reply to: ↑ 9 @Otto42
2 weeks ago

Replying to SergeyBiryukov:

Just noting that this Trac is used for enhancements and bug reporting for the WordPress core software.

Yes, there is some uncertainty as to the scope of the idea, so core is appropriate for now, since it would affect core depending on the changes needed. If it changes, we'll redirect it to the proper place, as needed.

This ticket was mentioned in Slack in #core-privacy by kat. View the logs.


12 days ago

This ticket was mentioned in Slack in #accessibility by afercia. View the logs.


3 days ago

#13 @afercia
3 days ago

Discussed during today's accessibility bug-scrub: the accessibility team definitely seconds this proposal, for obvious reasons :) But yes, it's related to meta and should be moved there, though we'd recommend some dedicated discussion during Slack dev chat.

Note: See TracTickets for help on using tickets.