The Meta team is responsible for maintaining and managing WordPress.org websites. Our work is mostly done on the meta trac. If you see a bug, file a ticket!
We’re currently working on these fine projects, with more in store.
Check out our handbook to learn how to get involved.
For the Five for the Future project, I ended up writing some custom code for authentication tokens which are stateful, have (cryptographically secure) random values, and can only be used once.
Those tokens will be used by companies to manage their pledges, so if an attacker was able to obtain a token, they’d be able to change a company’s name, logo, description, etc to something inappropriate, remove contributors from the pledge, and deactivate the pledge entirely.
The reasons why authentication tokens were chosen is documented in the commit, and additional background is available in issue #34 and PR #46.
Does anyone have any thoughts on the code, think there are any missing test cases, or see any other problems? If you think there’s an active vulnerability, please ping me privately or report it via HackerOne.
This ticket scrub will happen on Thursday, October 17, 2019 at 05:00 PM UTC in the #meta-wordcamp channel.
The focus is on Meta tickets with the WordCamp Site & Plugins component.
Comment below if there’s a specific ticket or topic you’d like to discuss.
Here is a list of WordCamp.org feature developments and maintenance work that has been accomplished since the last update.
Oops! The ticket scrub scheduled for August 15th did not occur, so we’re trying again next week. This time the ticket scrub will happen on Thursday, August 22, 2019 at 05:00 PM UTC in the #meta-wordcamp channel.
The focus is on Meta tickets with the WordCamp Site & Plugins component.
Comment below if there’s a specific ticket or topic you’d like to discuss.
This ticket scrub will happen on Thursday, August 15, 2019 at 05:00 PM UTC in the #meta-wordcamp channel.
The focus is on Meta tickets with the WordCamp Site & Plugins component.
Comment below if there’s a specific ticket or topic you’d like to discuss.
+make.wordpress.org/community
Here’s a brief outline of the status of the various parts of the block directory project.
The design of the Block Inserter within Gutenberg has gone through detailed explorations and iterations. The installation flow has been handed off for implementation. There is still some ongoing discussion around how to handle missing blocks and other error states. Mel has also explored some ideas for managing blocks within wp-admin.
Implementing the Block Inserter is in progress in the form of a pull request. Some internal architectural changes are underway, but that’s testable now by anyone able to run a Gutenberg local environment. The next major hurdle after re-architecting the code is fully implementing and testing the plugin install code.
The Block Directory itself exists in a minimal form within the Plugin Directory. There is a prototype API endpoint for searching by block name, and work ongoing to implement that properly with ElasticSearch. Plugin developers can submit block-only plugins to the directory by including a block.json file and reaching out to @tellyworth in Slack. We’ve also explored the feasibility of supporting GitHub for block plugins.
Here is a list of WordCamp.org feature developments and maintenance work that has been accomplished since the last update.
### July 2 – July 15
### June 18 – July 1
This ticket scrub will happen on Thursday, July 18, 2019 at 05:00 PM UTC in the #meta-wordcamp channel.
The focus is on Meta tickets with the WordCamp Site & Plugins component.
Comment below if there’s a specific ticket or topic you’d like to discuss.
Props @timothyblynjacobs for pointing out that
===was used instead ofhash_equals(). Fixed in 35fa9932.