Joost de Valk over at yoast.com has, together with Andrew Nacin (see update), used wordpress.org to try and kill off a plugin. A bad plugin, an evil plugin, but the nature of the plugin is not the real problem in this story. Their actions have, to me, opened up a can of worms that we need to deal with.
So what exactly did they do?
They, as Joost de Valk wrote on his blog, took advantage of WordPress's automatic updates and created an empty plugin on WordPress.org with a higher version number than BlogPress SEO. WordPress then displays that there is a plugin update available, and when people download it BlogPress SEO gets its essence removed. This only works because BlogPress SEO didn’t disable automatic updates. In other words, WordPress.org has been used to try and kill off a plugin that people did not like.
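A site owner can audit for exposure to this kind of same-name replacement. The sketch below is an added example, not code from the original post or from WordPress: it parses plugin header comments and reports plugins that were not installed from the directory and do not set the `Update URI` header (available since WordPress 5.8) to point update checks elsewhere. The sample headers, the slugs and the `expected_from_directory` set are constructed for illustration.

```python
import re

# "Field: value" lines inside the plugin's leading comment block.
HEADER_RE = r"^[ \t/*#@]*{field}:(.*)$"

def read_header(source, field):
    """Return the value of one plugin header field, or None if absent."""
    pattern = HEADER_RE.format(field=re.escape(field))
    m = re.search(pattern, source, re.M | re.I)
    return m.group(1).strip() if m else None

def pinned_elsewhere(update_uri):
    """True if Update URI opts the plugin out of wordpress.org update checks."""
    if not update_uri:
        return False
    if update_uri.lower() == "false":
        return True
    host = re.sub(r"^[a-z]+://", "", update_uri.lower()).split("/")[0]
    return host not in ("wordpress.org", "w.org")

def audit(plugins, expected_from_directory):
    """Return (slug, version) for plugins a same-named directory entry could replace."""
    findings = []
    for slug, source in sorted(plugins.items()):
        if slug in expected_from_directory:
            continue  # updates from the directory are the intended origin
        if not pinned_elsewhere(read_header(source, "Update URI")):
            findings.append((slug, read_header(source, "Version")))
    return findings

# Constructed sample: main-file headers of three installed plugins.
SAMPLE = {
    "example-seo": "<?php\n/*\n * Plugin Name: Example SEO\n * Version: 1.2\n */\n",
    "example-forms": "<?php\n/*\n * Plugin Name: Example Forms\n * Version: 3.1\n"
                     " * Update URI: https://updates.example.test/example-forms\n */\n",
    "example-gallery": "<?php\n/*\n * Plugin Name: Example Gallery\n * Version: 2.0.1\n */\n",
}

if __name__ == "__main__":
    # Only example-gallery was installed from the directory (an assumption).
    for slug, version in audit(SAMPLE, {"example-gallery"}):
        print(f"{slug} {version}: no Update URI, update origin decided by slug")
```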
So what do the worms represent?
Well, as I see it, they represent 3 questions that the WordPress community needs to deal with.
1. Should WordPress.org be used to try and disable plugins/themes?
This is really the big question. And I think a lot of people will say yes, but to me this goes beyond the nature of the project and into ideology. The very essence of open source projects is to give end users power over their software; a killswitch would essentially take away power from the end user and give more power to the project leadership.
One of the arguments for the GPL is that it empowers the end user to take control over the software they use; a killswitch removes power from the ordinary end user. Would a killswitch be in line with the “spirit of the GPL” that GPL advocates love to throw around?
2. What criteria need to be met for doing so?
So, assuming we answered Yes to the previous question, what criteria should plugins and themes have to meet in order to be killed off by remote control?
If you’re a WordPress GPL conformist you would say one criterion is: plugins and themes that do not conform to the GPL. But I won’t say that, since I hope no one is so stupid that they would actually do something like that. Not that this criterion hasn’t crossed my mind, given the attitude in certain parts of the community with regard to the GPL.
On a more serious note, the criterion would be: the plugin/theme purposely creates a backdoor. That is, it gives access to people who are not supposed to have access to the WordPress site. Why purposely? Well, security holes are to be dealt with by contacting the author of a theme/plugin, regardless of the plugin/theme license.
3. And who decides which plugins/themes should be killed?
Yes, the management question. Who is in charge of what? Would it be up to the core devs? Matt? Plugin/theme reviewers, etc.? I have no answer to give on this question. All choices will be wrong for some people.
So what do you think? Should WordPress.org take the step and introduce a plugin/theme killswitch?
** Update **
Andrew Nacin was not made aware of the purpose of Joost's plugin, so the removal of BlogPress SEO was not sanctioned from above.
You should keep an eye on Joost de Valk's blog for more interesting news regarding wp.org.