Staying neutral on my position on this, need more information

  • There’s no doubt this is bold and unprecedented move. Bringing Article 18 to light, which I’m sure 99% of us never read or knew existed, gives a wide and quite subjective swing of power to www.remarpro.com.

    It does feel at first take that this should d have been a true ‘fork’ not a rewrite of history takeover.

    But what else led up to this particular move, beyond the ongoing legal battle? Were these ‘security fixes’ truly warranted and ignored by the previous maintainer, or somewhat manufactured by www.remarpro.com to additionally justify the takeover.

    All the original contributors and developers are acknowledged so are they not able to continue to contribute to this going forward?

    I agree that ACF has been an inseparable component to building custom themes for years, so much so that it really fits better as canonical, just the same as Apple ‘sherlocking’ apps from time to time that most people would expect as a native feature.

    But given the maintainer of ACF (now hosted on their own website) also maintains the paid Pro version, the free open-source one will forever be limited in functionality.

    I definitely come back to the more honourable approach would seem to have been:

    • Fork as a new plugin
    • state that it’s interchangeable with current ACF free version
    • continuing expanding the functionality as I hope it would

    Please enlighten us how this would not have been possible?

    • This topic was modified 1 month, 1 week ago by elxr.
Viewing 2 replies - 1 through 2 (of 2 total)

  • The difference between Apple ‘sherlocking’ apps and this, is the plugin home page/URL and plugin data have been commanded. This isn’t starting something new, or forking, it’s taking what was there and renaming it.

    If they want to fork with a NEW plugin, then go ahead. Then it’s peoples choice wether to install or not.

    hetkanbeteronline

    (@hetkanbeteronline)

    Always stay neutral where you can if it involves corporate shenanigans that are not worth your time, money or effort.

    However, that does not mean any is exempt from obeying the laws and applied policies of the country you operate in. I can not cover this based on WordPress there own point 18 nor a still unclassified CVE.
    Under EU GDPR, we have been forced to file a data leak report for every client that used ACF due to a breach of integrity and availability.
    https://commission.europa.eu/law/law-topic/data-protection/reform/rules-business-and-organisations/obligations/what-data-breach-and-what-do-we-have-do-case-data-breach_en

    A data breach occurs when the data for which your company/organisation is responsible suffers a security incident resulting in a breach of confidentiality, availability or integrity. If that occurs, and it is likely that the breach poses a risk to an individual’s rights and freedoms, your company/organisation ?has to?notify the supervisory authority without undue delay, and at the latest within 72 hours after having become aware of the breach. If your company/organisation is a data processor it must notify every data breach to the data controller.

    • Client sites lost access to the original plugin and currenty installation without prior authorization, resulting in a loss of freedom and individual rights, constituting a breach of availability.
    • Unauthorized changes in the data of client sites constitute a breach of data integrity.

      It is up to the involved Data Protection Authority (DPA) whether to pursue the cases. I expect to be able to handle this in our specific situation with a single phonecall in a week with them as follow up to our dataleak company file. But this should never have occured in the first place.

      None of this would have to be classified as a data leak if the plugin did not get replaced on client sites but instead denied update access or was simply only removed from the repository. We could just have replaced the plugins manually then during our audits, or if the clients authorized it, we could have changed it to SCF, which knowing our clients would for the majority not have been a big deal at all. Now we have been forced to act within 72 hours to replace SCF with the original and file reports on any occurence.

      So yes, this could absolutely be handled more appropriately and honourable approach.
Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this review.