[buddypress-trac] [BuddyPress] #4857: Automatic download of translations from translate.wordpress.org

buddypress-trac noreply at wordpress.org
Thu May 23 02:23:48 UTC 2013 

#4857: Automatic download of translations from translate.wordpress.org
-----------------------+-----------------------
 Reporter:  DJPaul     |       Owner:  DJPaul
     Type:  task       |      Status:  reopened
 Priority:  normal     |   Milestone:  1.8
Component:  i18n       |     Version:
 Severity:  normal     |  Resolution:
 Keywords:  has-patch  |
-----------------------+-----------------------
Changes (by johnjamesjacoby):

 * keywords:  has-patch needs-testing => has-patch
 * status:  closed => reopened
 * resolution:  fixed =>


Comment:

 This is a great patch and an amazing effort, but I reverted r7097 for a
 few reasons that I'll enumerate below:

 * Scaling: The .org !GlotPress installation isn't built with the influx of
 traffic from pings and bulk file downloads in mind. We run the risk of
 accidentally bringing down the house for a relatively small amount of our
 current audience.
 * Security: In short, strings in !BuddyPress that are not escaped (using
 esc_attr!__()|esc_attr_e()|esc_html!__()|esc_html_e()) become vulnerable
 to XSS via their connection to an externally linked library that is
 outside of our immediate control.
 * Timing: Automatic translation downloads are coming to the entire plugins
 directory as soon as !June/July, about the time 1.8 is due to be released.
 * Code: The languages should be in wp-content/languages, and not uploads.
 Looks like we're requesting updated zips when it's not necessary to quite
 yet.
 * Setting an Example: Having our translations in !GlotPress is a luxury
 that other plugins don't have. I'd hate for us to be the catalyst for
 other plugins going the route of installing their own !GlotPress instance,
 and trying to solve these problems when we're so close to being there for
 everyone hosting in the plugins directory.

 I've asked Nacin to chime in more about the future plans, since he's been
 working on this a bit already, and will be leading the effort in
 !June/July. I've asked him to give some feedback about the approach also,
 since he's already done some prototyping.

 In short, I'm happy this was worked on, and excited to hear more from
 Nacin about how we won't need to maintain our own code to handle all of
 this. :)

--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/4857#comment:19>
BuddyPress <http://buddypress.org/>
BuddyPress

More information about the buddypress-trac mailing list