Unethical substitution of previous plugin
The previous plugin was a simple avatar. This version is some kind of membership / role system which is dangerous for most users. It introduces security risks that are completely unnecessary. It is unethical for whoever is behind this to make such a huge change. It should not be possible to swap one plugin for another without proper code review for the risks involved. If something is on the main WP repository, we assume it has been vetted. In this case, the best option is to delete this plugin and ban it from the repository unless it is reclassified as a separate plugin and reviewed and presented in that way rather than how it has just been swapped in. It might be an OK plugin but not in this context. It is damaging to the whole WordPress ecosystem.
This plugin is a new plugin and quite different to the one it replaced. It introduced security risks which were fixed (search Wordfence) but should have never been there in the first place. Plugin substitution is a dangerous security loophole in the repository and requires a policy fix in my view.