[wp-hackers] Plugin Privacy Option (was Revisiting phone home and privacy)

Doug Stewart zamoose at gmail.com
Mon Dec 14 00:03:45 UTC 2009

On Sun, Dec 13, 2009 at 6:53 PM, Jeremy Clarke <jer at simianuprising.com>wrote:

> +1, I liked the original idea but I like this better. Add a filter to
> the updater and make sure its a two-liner to disable your plugin from
> inside itself. Maybe this is already possible, if so someone please
> just paste in the two lines and we can all relax about our nonexistent
> super-private plugins.
What about this: what if you added a Plugin-Update-URI header field to
plugins and themes? Themes or plugins without an explicitly-defined URI
would default to checking api.wordpress.org while plugin/theme devs that
don't (for whatever reasons) want to use the .org hosting environment can
host their own updates. Then, we could supply the necessary info for 3rd
parties to implement the expected return values from the update API and then
they, too, could take advantage of the internal WordPress upgrade checking,
further reducing ways that individual blogs can be compromised.

(I'm thinking particularly of cformsII and simple:press forums as heavy
no-auto-update offenders...)


More information about the wp-hackers mailing list