Half-Elf on Tech

Thoughts From a Professional Lesbian

Tag: copyright

  • GPL Isn’t Protecting You

    Some days I know my plugin reviews are going to wreck me. January has had a lot of complaints from people about aspects of the GPL. Specifically they wanted to know how to protect themselves with the GPL.

    The truth is the GPL is not protecting anything except the right of the next guy to take your code and do stuff with it. And that terrifies people.

    I’m not entertaining a discourse on the merits or legality of the GPL here. Those comments will be deleted. Simply put, a requirement of the WordPress.org repositories is that to be hosted there you must be GPLv2 (or later). At that point, every other argument is moot. Your code has to be GPLv2 to be in the repositories. End of story.

    Okay. So what’s there left to discuss about protecting yourself and your code? Three things: Trademarks, copyright, and theft. Here we go.

    Trademarks

    GPLv2 doesn’t protect your trademark, but that doesn’t mean your trademark isn’t protected. While any image you put in your WordPress theme or plugin has to be given as GPLv2 compatible, that doesn’t void your trademark. A freely offered image that is trademarked (say, the WordPress logo) can be used in your plugin, but it comes with restrictions after all. The inclusion of the SVG of the logo in GPL code doesn’t change that.

    One of the things that changed between GPLv2 and GPLv3 was related to this. Remember, GPLv2 allows all code that does not include any restrictions that were not already in GPLv2. As long as a license was as free (or freer) than GPLv2, it was deemed to be GPL-compatible (see the WTFPL). The issue with that is some licenses were very easy to comply with but had clauses like you couldn’t use certain trademarks. This caused confusion, as it was read as a restriction. The thing was that it wasn’t! Regardless of what the license said, you never had permission to use the trademark.

    This is good for companies. You can trademark your logo and, if someone takes it and redistributes a fork with the logos still in it, they’ve violated trademark law. And you can protect yourself there. I suggest you read Joomla’s post on the matter of Trademark protection to get a better idea of how it all works.

    Copyright

    Copyrights are another thing that the GPL doesn’t protect. Except it does.

    GPLv2 and GPLv3 are both copyleft:

    To copyleft a program, we first state that it is copyrighted; then we add distribution terms, which are a legal instrument that gives everyone the rights to use, modify, and redistribute the program’s code or any program derived from it but only if the distribution terms are unchanged. Thus, the code and the freedoms become legally inseparable.

    What does that mean? Your copyright is yours. By the act of writing code, you own the copyright (with some exceptions, like if you’re hired to write the code). When you contribute code to an open source project like WordPress, you STILL retain the copyright unless you give it away, but the license is whatever the project’s license is. Most of the time this is fine, but as I recently saw with Hugo, this can be problematic when a project wants to change their license. Hugo had to get permission from every single person who had contributed.

    This is, by the way, why WordPress will probably always be GPLv2.

    One way around this is to require everyone to waive their copyrights in order to contribute. I believe DotNuke did this. Whoever owns the copyright, if the code is still licensed in a way that allows for free distribution then nothing’s really changed. The code is still open.

    Of course, then there’s what the jQuery Foundation does with their Individual Contributor License Agreement. In order to contribute to jQuery’s code or website, you have to sign that and provide a valid email. This gives them a way to contact everyone and also makes sure you understand what you signed up for. WordPress just has a checkbox when you submit your code to remind you that you’ve given it up.

    If you’ve ever looked at the jQuery Foundation License, you may have noticed this line:

    You are free to use any jQuery Foundation project in any other project (even commercial projects) as long as the copyright header is left intact.

    This is not imposing a restriction more than GPLv2. See the bit in trademarks. Legally you had to do that anyway, they’re just reminding you not to be a tool and leave this simple line in:

    • Copyright jQuery Foundation and other contributors

    I bark at developers a lot for removing the license headers from javascript files. Don’t do it. You’re violating copyright and, if the original devs complain, you’ll lose your code until you fix it. Which is the point here. Copyright exists beyond GPL, so the fact that it doesn’t actively protect it doesn’t make it not enforceable.

    Theft

    I don’t mean legal here.

    A lot (a lot) of people argue that their plugin should be able to be encrypted or obfuscated to make it ‘harder to steal.’ I hear that about once a week, if not more. And my answer to all of them is “Not if you want to be hosted on WordPress.org.” WordPress.org has an ‘above and beyond’ understanding of the idea of distribution and allowing people to edit. It’s felt that the spirit of GPL means your code should be easy for someone to read and fork.

    I said a dirty thing there, I know. The ‘spirit’ of the GPL is probably causing some of my friends to roll their eyes so hard they’ve got migraines. Sorry about that. But it really is the one time I use it. When I say the ‘spirit’ I mean the intention of the license and its application to WordPress.org’s repositories only. Right or wrong, agree or disagree, it’s straightforward. If you want to have your code in the .org repos, it’s gotta be human readable.

    There’s a simple reason for this. The GPL Copyleft is all about freedom and keeping that freedom alive. The Copyleft says that anyone who redistributes the software, with or without changes, must pass along the same freedom to further copy and change it. In order to allow people to change the code, we want it to be human-readable. We want people to be able to look at your code and say “Oh I understand how this works. I will improve it!” When you take away, or overly complicate their ability to do that, we feel you’re intentionally impinging on that freedom. You’re trying to find a way around it, basically.

    About the only time I’ve heard someone not claim they were smushing the code up to protect it from being stolen is when someone has smashed their javascript into a p,a,c,k,e,d() type compression file. I actually hate those files. Javascript is hard enough as is! Stop making it harder. Plus I need to tell you something really important.

    While minifying your javascript will improve a website’s performance by decreasing the load time, it doesn’t make it run any faster for the majority of code out there. Of course there are situations (large libraries or limited devices) where this is not the case, but trust me here. Your 7 line javascript is not going to be significantly faster just because you compressed it. I advocate using the .min version of common libraries, but unless your code is huge, leave it alone and let other people see how to edit it.

    Bonus: Distribution

    GPL comes into play when your code is distributed. If I put my code on my server and never give it to anyone, it’s not been distributed so licenses don’t really matter. As the GPL FAQ explains:

    But if you release the modified version to the public in some way, the GPL requires you to make the modified source code available to the program’s users, under the GPL.

    It’s the big if there. What constitutes distribution? Is your browser downloading a javascript file in order to run my site distribution? Is handing you a zip file distribution?

    I always recommend people play it safe.

  • It’s Not GPL and That’s Okay

    I’m probably starting a wildstorm here, but I want to put this out there. I don’t always use 100% GPL products on my sites, and that’s okay.

    Please put down your pitchforks!

    I am a happy Open Source person. If you give me a choice between two equally good products, one being Open Source and the other not, I’ll pick Open Source any day of the week. But. There’s a reason I use Apple Pages and not Open Office. Pages works for me. It fits my workflow, it fits my brain, and it makes me write more easily. Since I’m often sprawled on the couch writing with my thumbs on my iPad Mini, it makes perfect sense to use Pages and iCloud.

    But there’s another place I don’t worry too much about GPL or Open Source, and that’s when I’m coding something that is only ever going to be for me.

    I was working on a new site and we were looking for icons to properly represent how we felt. We needed a toaster. We didn’t have one in Font Awesome or Genericons, so I pulled up Symbolicons! The catch? It’s not GPL. But the thing was, we knew we’d never be distributing these icons. It was for one website, so why did it matter?

    And the fact is that for this use case, it did not matter at all!

    Understanding what I’m doing, who it’s for, and where it’s going to be used is highly important. And understanding what I want to support and maintain is equally important. For the most part, open source doesn’t come with Apple Care or companies like OWC who specialize in bailing people out or helping them extend things. WordPress doesn’t come with that, for good or not, it’s really a ‘figure it out as you go’ sort of product.

    There are use cases to consider. Who’s going to use the computer? What do they know? Is it worth teaching them Linux or can they keep using their Mac? Much like I do when I’m mentoring someone, I don’t try to push my ideals on someone, or assume my way and my solution is the only solution. When I look at GPL, yes, it’s my default. I always start there. But I don’t stop there and I don’t let it blind me to what things need to be, because the best solution may not be open source, it may not be GPL, and it may not be WordPress.

    So long as you’re not violating a license, use what suits your needs. But do pay attention to those licenses.

  • The Responsibility of Freedom

    I’m sure you know there are clubs out there that re-sell WordPress products at a far lower cost than their original source. This post is not about that being right or wrong via the GPL, nor is it about the morality.

    This post is about responsibility.

    In my home office hangs a poster “Flynn Lives” which I have to constantly remind me “I fight for the users.” It’s a nerd level joke most of my fellow developers and support gurus get, but many people I help would not understand the point. My job, as a WordPress Support Guru, is to help people. This is simple, straightforward, and obvious.

    My other job, though, is to make their lives easier and better. It’s my responsibility, when I write code, to make it do something to make someone’s life easier. Even if the only person it helps is me, the point is that someone is being helped. If it’s just me, it’s really easy to support myself. “Hey, Ipstenu, you know this broke?” “Yeah, added to my list!” But when it’s someone else, how does that change?

    I firmly believe there’s an expectation of support with all plugins and themes hosted in the WordPress.org repository. Period. That means, yes, I have code I don’t put up there because I don’t care to support it. But I know that expectation puts responsibility on me as more than just “Someone who writes code.” I can’t just write code, drop it into the world, and never support it.

    “But Ipstenu,” I hear you say. “Isn’t that what WordPress.org does? It just dumps WP into the world. I never see the devs in the forums!”

    You’re not WordPress.org. You’re not that big, that complex, and that intricate. Unless you’re BuddyPress-levels of plugins, and you’ll notice they have support forums. Instead of directly supporting WP, the core devs of WordPress who are dedicated to WordPress have people like me, who traipse about the forums and help. And when I see broken things, I either take it to trac or help the person who found it do so. My determining line is “Can I fix it? Okay, I’ll trac it and patch it.” If I can’t, I help them. Low hanging fruit.

    The point here is that all this wonderful software came with a responsibility to make it great and help people. What does this have to do with sites like those Justice League Clubs that offer cheap/free versions of pay-wall’d software? They’re not helping you.

    Oh, in the short term they’re helping you by giving you something for free. They’re getting you further in your site development than ever before. However that help ends at the provisioning level, because you aren’t paying for support from these resellers, you’re paying for product. That’s okay, so long as you know what you’re paying for, and a lot of people don’t. If people did know what they were paying for, they wouldn’t use nulled themes with base64 backdoors in them.

    The ethics and morals of reselling someone else’s work aren’t at play here. Yours are yours, mine are mine, and that’s just fine. What is at play is what are we paying for, what are we providing, and what are we devaluing when we resell someone else’s product?

    Devaluing is the easier one. People sell products at cost in order to make money. It’s simple. I work for a company that sells space on a computer and world wide availability from anyone to that space. We sell it at a price that allows us to make money, but also that allows us to hire amazing people like me who work on WordPress, write some of the code, test it, and otherwise spend all this time on WordPress, just because it’s software you use!

    The value of the product is, again, not just in the product, but in the service. And the service is more than just access and accessibility, but also in the support you get. No matter what people think, we aren’t just rolling around in money and laughing at you. We reinvest that money in ourselves, our hardware, the software (some of which we give to you). But what we always do is support that. Sometimes the support isn’t what you want to hear, but we do our best to solve problems, or explain why we can’t.

    So what are you paying for? Support! In the end, you’re pretty much always paying for support. You buy Microsoft Office and you don’t get the kind of support you get with WordPress, but you pay a lot more money. Where’s the support? When Word crashes, it sends (or asks you if it can send) a report back. That report gets noticed and acted on so that if it’s solvable, it’s solved. The next upgrade you get has a patch, and that crash doesn’t happen again. That’s support!

    You can also get actual support from Microsoft (though I know of no one who’s done so). They have people who write fantastic help docs and who monitor their forums and twitter. If you took Word (let’s pretend that was legal) and resold it, would you have all that?

    But that’s a quite extreme example. WordPress plugins are significantly smaller in scale than MS Office. So why is Office (and Adobe Photoshop etc) so expensive if they don’t give you half the help that the free WordPress product does? There are a lot of reasons. Patents and copyright are expensive, and frankly we’re all willing to pay for it. When Apple dropped the price of the new OS down from hundreds to $25, we were all suspicious. When it became free, we flipped out.

    But Apple wisely noted that making us pay that much money wasn’t helping them as much as it might. Free gives you a certain brand loyalty because we get to try before we buy. And we will buy those apps and those app add-ons (though I don’t fully approve of games that force you to pay to play all the time). We buy them because after we get the base product for free, we see the real value in the cost of the other products and we’ll pay for them willingly. Apple takes responsibility for their free software in interesting ways. We have to pay for assistance (most of us via the Genius Bar). And in the WordPress ecosystem, that too is what you pay for. The help.

    So back to this whole “I’ll take your paid software and give it away” thing.

    What are we paying for? I’ve heard tell that ‘Paying for support’ is a rip off. So is paying for documentation. I can see why some people balk at paying $25 a year for ‘support’ they may not ever need, and I’ve seen some companies work by letting you pay per-ticket. Though that makes people feel like you’re nickel-and-diming them, and I do agree it can come across that way. And yet that support which they so casually toss aside like an old shoe is where these free-software-clubs fall down.

    There is one club that says they will support all the plugins they re-host. Many of us are suspicious of the possibility of that actually working well, though given the odds of how small their sales will be to start with, it may end up sustainable. The problem is that they’re not going to be patching upstream. They’ll fix your issue, and then when the real source pushes the next version, they get to reapply their patches. Strikes me as a lot of work.

    Is the payment system for some WordPress plugins and themes broken? I don’t think so. I think it’s not optimal for the user nor for the developers just yet, but monetizing these things is still relatively young. There will be mistakes and bad choices along the way. Finding the balance between the freedom of the GPL and the desire to make a living is difficult.

    The ultimate responsibility we have with WordPress is to give back. We give back with support and with improving things for everyone. If we’re just doing things for ourselves, after all, we don’t share them. Are these clubs failing in those responsibilities? Not yet. But all eyes will be on them if they do.

  • Copyleft

    I’ve seen a lot of people doing an un-copyright, including Brian Gardner who did it (in part) to simplify his life.

    Our pervasive permission culture. Via Mimi and Eunice

    While I’m a huge proponent of ‘Give it away’ (see all my ebooks), I also retain copyright on my creations for a reason, and it’s curiously the same reason why Brian (and Leo Babauta) don’t. Let me quote Leo:

    I’m not a big fan of copyright laws, especially as they’re being applied by corporations, used to crack down on the little guys so they can continue their large profits.

    I’m not the big guy. I’m the little guy. I want to protect what I created not for miles of profit, but because attribution is critical to my end goal of “obscurity.” That is to say the rationale behind my ebook philosophy of “Pay what you want” is that if people don’t know about a thing, they won’t buy/use a thing. Whereas if people do know, and can find, a thing, they will use it.

    As I said, and as Cory Doctorow says: People don’t not buy a book because it was free, they don’t buy a book because they don’t know about the book.

    So if I remove copyright, and no one has to credit me, then no one knows about me and they can’t come back and get WordPress Multisite 110, or WordPress Bookstore and learn more. They can’t find this blog and get even more, free, tidbits about WordPress and computers and business and whatever else they use this site for. In short, without attribution, people can’t learn any more from me because they don’t know about me.

    As confusing as this can be, I’m okay with you taking my stuff and giving it away for free. But I do want you to say “I got this from halfelf.org” so that you pass on not just the information to the next guy, but the ability for them to find more information. The knowledge, not just the information, is key here. Taking my work and presenting it as your own gives information, but it does not teach knowledge, nor does it enable anyone to learn and go forward because you’re throttling their resources.

    Copyright isn’t about protecting the big guy for me, it’s about protecting you from the big guy. It’s about making sure you know, and the next person knows where the information came from and how to resource it. Encyclopedias give away information, but the reason they’re amazing is that they give you the ability to gain knowledge from the information.

    Copyright is my encyclopedia. It’s forcing you to keep credit/attribution, which gives you information and the ability to gain further knowledge from it. It protects me, but that’s incidental in that it helps you. And if it can keep the big guys from stealing my stuff and presenting it as their own, then everyone wins.

  • Stolen GPL

    I made a polarizing comment on Twitter back in November, which was perfectly plain to me, but apparently not everyone else.

    “GPL means that you can fork, but it doesn’t mean you can steal, and you know damn well what theft is.”

    I should have said ‘doesn’t mean you should steal, and you know damn well what that is’ but the point is close enough. Forking in GPL is not only okay, it’s encouraged. Many of us get our starts forking and improving plugins. But there’s a difference between that and stealing someone’s work and presenting it as our own. That’s stealing, plain and simple. If you fork, you attribute. I have a plugin that started as a fork and ended up 100% re-written in a totally different way, but I still credit my original inspiration.

    Why?

    Because of the community.

    Look, per GPL, taking someone’s plugin is not stealing it, in so far as taking the code goes. You have the right to distribute someone else’s code. And I don’t even think that taking someone’s copyright protected work is actually theft. What I do think is that taking someone else’s work with questionable motives, and rebranding it as your own, is stealing.

    Here’s the GNU’s take on Copyright ‘Theft’:

    Copyright apologists often use words like “stolen” and “theft” to refer to copyright infringement. This is spin, but they would like you to take it for objective truth.

    Under the US legal system, copyright infringement is not theft. Laws about theft are not applicable to copyright infringement. The copyright apologists are making an appeal to authority—and misrepresenting what authority says.

    Unauthorized copying is forbidden by copyright law in many circumstances (not all!), but being forbidden doesn’t make it wrong. In general, laws don’t define right and wrong. Laws, at their best, attempt to implement justice. If the laws (the implementation) don’t fit our ideas of right and wrong (the spec), the laws are what should change.

    I agree with their explanation, and think it’s valid, in so far as it goes.

    Where it breaks down is the motive, as I mentioned before. If I buy a plugin or theme to use, I’ve bought it for the intended purpose. If I buy it to fork, I’ve bought it for another intended purpose. If I buy it to sell as my own, now I’ve walked into asshole territory. Per the GPL, this isn’t theft and it isn’t stealing (again, forking is okay). But when you look at it dead on, you’ve taken someone else’s work, with the intent to profit from their work, without any attribution or credit or compensation.

    In any other situation, that would be, clearly, stealing.

    Theft is taking someone else’s property without permission and with the intent to deprive the rightful owner of it. Obviously we’re not depriving the owner of the product when it comes to software, but we are intending to deprive them of the profits of their software, by circumventing their established ‘sales’ procedure. This works the other way, too. If I take someone’s free theme/plugin and sell it, I’m stealing from them as well. However. In both cases, if I’m not selling the product, but selling my support of it, I’m not stealing anything.

    Stealing is presenting someone else’s works as your own, among other definitions, and taking without right or permission. When it comes to GPL, you have both right and permission to take, that is unquestioned. But again, once you start presenting this as your own, you’ve walked into asshole territory. You didn’t do the work, you didn’t write the code, and you didn’t do anything except copy/paste. That’s not coding. You’re being dishonest, and I feel you’re stealing.

    It’s morally ambiguous and sticky for me to just say ‘this is stealing’ which is why I have to come back to the intent and motive. Am I doing this for altruistic reasons? Did the developer take a walk and abandon their work, and I’m simply keeping it alive? Did the developer reject my patch so I forked it? Or am I doing this because I resent them charging $85 for a plugin when WordPress is free? If it’s that last one, then I’m a thief, because my motive is to stick it to the other guy.

    Separating ‘stealing’ and ‘theft’ is like undoing a Gordian knot. You can do it, but it starts bumping into all sorts of crazy semantics. That’s why, most of the time, we don’t bother. I have a very strong opinion on the subject of code-theft, and always have. I feel that the only way to keep the GPL going is to not only do what’s right, but mean it, and being a good steward of the community, be it WP or Drupal or even Expression Engine, means you have to do what’s right.

    The right thing is to thank the guy who came first. Even an ‘Inspired by a snide comment by Ipstenu’ is being a good steward. You’ve encouraged me to do more by taking the time to recognize my effort. With that encouragement, I’ll go on to do more. It’s positive reinforcement at its best.

  • How To Submit a WordPress Plugin

    I’m not a super-psycho coder. But between being a busybody and being a volunteer plugin referee, I do spend a disproportionate amount of time looking at the code people put in for plugins, which means I actually see a lot more code, and a lot more submissions, than you might expect. This puts me in a place where I actually can offer some of the world’s most basic advice ever, that a surprising number of people seem to miss, about how to submit your plugins, what will get them downchecked, and what you really just shouldn’t do.

    This list is not all encompassing, but touches on the issues I see the most often.

    What You Must Do

    Failing to do the following will likely end up in your plugin being yanked (or not approved at all).

    Read The Guidelines

    We are not pirates. These are not wishy-washy rules, though they are intentionally kept as light as possible. You see, the more you make a rule “You can’t do this!” then the more you get “Well, you said I couldn’t dig to China, not Australia!” (That’s a true story on my part. I once got my kindergarten school class to dig to China. After being told not to, I got them to dig to Australia. At this point, they said ‘No digging tunnels at school.’ My parents explained in more detail why this was dangerous, and we watched The Great Escape to understand tunnel collapse. I forget how Dad explained the distance, but I remember a long explanation about the earth’s core being molten, and no, you can’t dig under the ocean. I was bummed. I was also 4.) The basic guidelines are on the front page of the Developer Center, but it’s the expanded guidelines you really need to read. I helped write those guidelines (over beery emails with Otto) and he and I both hate that we have to spell certain things out, but apparently they’re unclear. Just read them. If you think you’re doing something that might be on the far side of okay, ask around. Tweet, post in the forums, or find a plugin dev you respect and ask them directly.

    Check Licences

    All plugins must be GPL2 (or later) compatible. This is pretty basic, but a lot of people don’t realize what that means. First, there’s the issue of GPL2 versus GPL3. While the WordPress repository accepts GPL3 plugins, it’s still not compatible with everything, so make sure the code you fold into the plugin will work with whichever license you choose. If you don’t want to use GPL, you don’t have to! Remember, there are a lot of GPL Compatible Licences. At the same time, there are a lot of incompatible licences as well. And there are the Non-free Software licenses. When you’re only releasing your own code, this is pretty easy. You pick a compatible license and move on. When you’re incorporating other people’s code, however, you have to study their license carefully.

    Generally I’ve seen people get dinged for using the Creative Commons license, and in most cases this is because they’re not using the CC0 license. That is the only CC license that really works with GPL (except for CC BY ND). Your code really shouldn’t be CC licensed, anyway, though. Just don’t use it.

    Provide the code

    When you submit your plugin, put in a link to the code so it can be downloaded and checked. (See Expanded Guidelines, Rule #16) If, for some reason, you can’t because the code is behind a paywall, or you don’t want it in the wild, don’t worry! The only people who see that link are the plugin review team, and they’re trustworthy. They don’t need an API key, either, they just want to make sure you’re not breaking the repo guidelines. If you don’t provide a link to the code, you don’t get in. It’s really that simple.

    Don’t break the other WP rules

    Did you know you can’t use ‘wordpress’ in your domain name without permission? If your author or plugin URL is http://mycoolwordpressplugins.com then your plugin will be rejected. (See Expanded Guidelines, Rule #17) In addition, you’re still going to be held subject to the forum rules with your account. I mention this because if you get blocked on the forums for rampant asshattery, you won’t be able to check new code in. Basically remember that it’s the internet, and we can see your behavior on Twitter, Forums, Faceybooky, etc. Don’t be an idiot.

    What You Should Do

    Not doing the following won’t get you punted from the repo, but they’re still good to do, in order to provide the best support possible.

    Write a good readme

    A good readme file is going to tell the person everything they need to know before they download the plugin. This means:

    1. Describe what the plugin does
    2. Explicitly state any and all requirements
    3. Be upfront about any external accounts required (for APIs or what have you)
    4. Inform users if their information is being sent to another site, where, and why (not necessarily technical explanations, just ‘Your IP, browser specs, etc will be sent to Google for Analytics purposes. This is required if you want to use Google Analytics.’)
    5. Include screenshots of the options
    6. Include a screenshot of what the plugin looks like on the unmodified default theme
    7. Document if no support is provided (or if support is handled somewhere other than the WordPress forums)

    Credit Appropriately

    A subset of that is that if your plugin is a fork of someone else’s, be the good person and credit them! It’s not required all the time, but take a look at the copyright information on a plugin. Sometimes they say they require credit in the code. If so, you’ve got to do it. Even just a line that says “Copyright 2009-2011 Some Other Dude” and then “Copyright 2011 Me” below it. That’s a nice CYA. If you want to be really nice, put their userID under ‘contributors’ in the readme file, and they’ll have their pretty face on your plugin.

    Write Good Code

    Using good code is complicated. I don’t pretend to be the best at it myself (seriously, the level of shenanigans I went through over nonces cannot be measured on a human scale). But I know that good code is secure code. I know I should use nonces in certain situations, I know to protect against SQL injections, and I know to not let total strangers upload executable files (so they can’t upload a PHP file that wipes my DB, for example). And I know when to go find Otto, WePay him a beer, and say “So what the hell did I do wrong, here?”

    Writing good code is exceptionally complicated, which is why, if you’re going to write a large plugin, you need to know what you’re getting into. The problem a lot of people get into is the classic ‘Your eyes are bigger than your stomach.’ When you write a plugin, keep it simple. Start with the code you know, slowly fold in the new stuff. Try to test as many different ways as you can think of, but know that you’re going to miss something.
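
The three checks named above (nonces, SQL injection, executable uploads) in a single WordPress admin form handler. This is an added example, not code from the original post or from WordPress.org; every `myplugin_*` name, the `myplugin_notes` table, the `myplugin` admin page slug and the form field names are hypothetical.

```php
<?php
/**
 * Added example: one admin form and its handler.
 * Hypothetical names: myplugin_*, the {prefix}myplugin_notes table,
 * the "myplugin" admin page slug and the note_* form fields.
 */

// Render the form. wp_nonce_field() embeds a token bound to this user and action.
function myplugin_render_form() {
	?>
	<form method="post" enctype="multipart/form-data"
		action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
		<input type="hidden" name="action" value="myplugin_save_note">
		<?php wp_nonce_field( 'myplugin_save_note', 'myplugin_nonce' ); ?>
		<input type="number" name="note_id">
		<input type="text" name="note_title">
		<input type="file" name="note_image">
		<?php submit_button( 'Save' ); ?>
	</form>
	<?php
}

// admin_post_{action} fires only for logged-in users; there is no nopriv hook here.
add_action( 'admin_post_myplugin_save_note', 'myplugin_handle_save_note' );

function myplugin_handle_save_note() {
	global $wpdb;

	// 1. Who is asking, and did the request come from our own form?
	//    A nonce stops forged requests; it is not a permission check,
	//    so the capability test comes first and both are required.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( 'You are not allowed to do this.', '', array( 'response' => 403 ) );
	}
	check_admin_referer( 'myplugin_save_note', 'myplugin_nonce' ); // dies on a bad nonce

	// 2. SQL injection: cast or sanitize the input, then let $wpdb bind the values.
	$note_id = isset( $_POST['note_id'] ) ? absint( $_POST['note_id'] ) : 0;
	$title   = isset( $_POST['note_title'] )
		? sanitize_text_field( wp_unslash( $_POST['note_title'] ) )
		: '';
	$table   = $wpdb->prefix . 'myplugin_notes'; // built from a constant, never from input

	// Never concatenate $_POST into the query string; use a placeholder instead.
	$exists = $wpdb->get_var(
		$wpdb->prepare( "SELECT id FROM {$table} WHERE id = %d", $note_id )
	);
	if ( $exists ) {
		// update() prepares the statement itself using the given formats.
		$wpdb->update(
			$table,
			array( 'title' => $title ),
			array( 'id' => $note_id ),
			array( '%s' ),
			array( '%d' )
		);
	}

	// 3. Uploads: accept an explicit allow-list of types, nothing executable.
	if ( ! empty( $_FILES['note_image']['name'] ) ) {
		require_once ABSPATH . 'wp-admin/includes/file.php';
		$upload = wp_handle_upload(
			$_FILES['note_image'],
			array(
				'test_form' => false, // the nonce above already tied this to our form
				'mimes'     => array(
					'jpg|jpeg' => 'image/jpeg',
					'png'      => 'image/png',
				),
			)
		);
		// A .php file, or a .php renamed to .png, is rejected here.
		if ( isset( $upload['error'] ) ) {
			wp_die( esc_html( $upload['error'] ), '', array( 'response' => 400 ) );
		}
	}

	wp_safe_redirect( admin_url( 'admin.php?page=myplugin&updated=1' ) );
	exit;
}
```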

    What To Do If Your Plugin Is Yanked?

    Every plugin developer’s worst nightmare is waking up to find that their plugin was yanked from the WordPress repository.

    Don’t panic!

    This happens when your plugin has been reported as possibly being in conflict with the developer guidelines, or it has a security hole. Many times you will not be notified when this happens. Sometimes you’re not notified because the report is found to be incorrect, and sometimes it’s because you’ve been warned before. And, once in a while, it’s because the person who closed your plugin doesn’t have the ability to email you. Surprise! There are some people on the plugin repository team who don’t have the access to the plugins email system, so when they close your plugin, they’ll ask someone else to email you. If that person is busy, it might take a while.

    When a plugin is closed, the rest of your plugins are usually checked over to make sure they’re not also having an issue. For example, if you have one plugin with a front facing link that’s turned on by default, all your plugins will be checked for that and, if they all have the same problem, they will all be yanked. This is why you need to keep up to date on the plugin guidelines, and follow the WordPress Development Blog.

    As soon as you find out your plugin is closed, email plugins@wordpress.org and ask what you can do to restore it. Posting in the forums won’t help much.