[wp-hackers] Adding a plugins svn committer

Dan Phiffer dan at phiffer.org
Thu Oct 6 17:19:31 UTC 2011


Yeah, just to explain my special situation...

I've released a plugin, JSON API that we rely on for our website at MoMA.org. If it were compromised this wouldn't just be an inconvenience, we could lose our capacity to process credit card transactions. So I'm trying to err on the side of caution.

That is balanced against a desire to support extensions to the plugin that I don't require and don't have time to implement. I've been contacted folks who certainly strike me as responsible, but who I haven't met in person. I have no reason to doubt their trustworthiness, and I'd like the plugin to accommodate as many varied use cases as possible.

The plugin already has a GitHub presence, but managing pull requests and merging changes is something that doesn't take a high priority in my work day. So basically I'd prefer to accept commits on a single "primary repo" and be able to just review and release without feeling nervous imposing more risk. I realize all of this isn't a typical setup, so I definitely understand the limitations currently in place on the SVN repos.

Thanks for all the replies!

-Dan


On Oct 5, 2011, at 2:00 PM, Mike Bijon wrote:

> Agreed with Dion on SVN, having a trusted team is far better regardless of
> the VC system in use. Even with GitHub, unless you're doing very thorough
> code reviews on every pull ... then someone could slip bad/evil code in.
> 
> Remember the WordPress plugin repo is that it's still a partly-manual
> system, http://wordpress.org/extend/plugins/about/. Perhaps someone from
> Automattic could convince their future Community Handyman,
> http://automattic.com/work-with-us/community-handyman/ to update the
> plugin/SVN interface. Maybe something with a more-automated signup, with an
> 'owner' user, a separate "deploy" option, and more-granular permissions that
> the plugin admin could control in a web UI.
> 
> (admittedly, I'm applying to be that Handyman...)
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers



More information about the wp-hackers mailing list