Posted 1 month ago #
Been wondering... Are plugins required to have their license be GPL compatible to be listed in the main WP Plugin Directory?
This WP Codex article says that it's customary for plugin licenses to be GPL/compatible, but I'm wondering about actual requirements for inclusion by WP.
Thanks!
Posted 1 month ago #
Are plugins required to have their license be GPL compatible to be listed in the main WP Plugin Directory?
Yes.
Posted 1 month ago #
Hey, thanks for the quick response, jdembowski!
I was wondering if that requirement was documented anywhere -- I just found it here.
Why I'm wondering all this... I've been busy building a plugin and now trying to work out the licensing. Since the plugin pulls live data from my server, I'm a little sensitive to the possibility of someone taking the plugin, re-writing it to be abusive (or at least negligent/clueless), and redistributing it. Also, I wouldn't mind if the blogger wants to tweak it cosmetically for their own use, but putting their name on it and redistributing it as their own product (which feeds off of my server) I'm uncool with (and I don't think most end-users would care to read the source code to learn that the redistributor is not the original author).
Any ideas on what I should do? Do you know if, in that long list of GPL-compatible licenses, is one that permits people to tweak the plugin themselves, but not redistribute versions that can hack my server? I want to make this available, for free, to anyone. If they want to learn from it or take pieces/functions to incorporate into their own plugins, or make adjustments to fit into a theme, etc., no problem. I'm just trying to avoid abusive situations.
Thanks,
-DG
Posted 1 month ago #
It's a fun conversation and I'm not really sure where it's documented exactly. But just like themes, plugins listed at the WordPress.ORG repository have to have a license that is either GPL or compatible with the GPL.
As long as the code you are listing here is compatible with the GPL, meaning it can be modified and distributed with the source code without restrictions on the code itself, then you should be fine. Your service (data on your server) is not code being listed here. As long as you are above board about your service then I don't think you'll have any problems. It's the code that is free.
Here's an example: Akismet is a plugin that is GPL'ed but is dependent upon Automattic's servers to work. The GPL'ness of the code means that someone could legitimately modify the code to work with a non-Automattic service (like Defensio) and that would be fine as long as the people making the modifications keep to the GPL.
Posted 1 month ago #
Hey, thanks again, jdembowski. (Looks like you were posting while I was editing my earlier post to include the link that I'd found.)
Ok, that's good to know. I sort of figured that was the case - the distinction between the free plugin and server-provided services.
I guess 1 question remains for me: What's to stop anyone from taking the Akismet plugin, to use your example, just slapping their name on it (and following GPL by crediting the previous author) and resubmiting to the WP Plugin Directory? Do the WP Plugin Directory editors screen for duplicate plugins like that? Again, just trying to cover all my bases here looking forward. If someone were to take my plugin and resubmit to WP as their own (I don't think most end-users would even care about a previous author), using it to connect to my server and use its resources, and garnishing any linkbacks and credits that they can from their own "pseudo-derivative" work (which is just identical to mine) and from within the WP Plugin Page, readme file, etc., etc....
Anyway, I realize some of this forward-thinking is probably just being extra cautious, but as I'm putting a ton of work into both the plugin code and server-side code, I'm wondering what the terrain is like here in the WP community and where that line is whereby honest copylefting can start blurring into unethical and/or abusive behavior.
Thanks, jdembowki, and anyone else who may be passing by this thread.
-DG
Posted 1 month ago #
I guess 1 question remains for me: What's to stop anyone from taking the Akismet plugin, to use your example, just slapping their name on it (and following GPL by crediting the previous author) and resubmiting to the WP Plugin Directory?
Nothing really. There's not a group of people who can vet the plugins. When that does happen, or when someone places a plugin that's not GPL compatible, then it usually gets fixed when someone reports it here (the plugin gets removed).
using it to connect to my server and use its resources
The way that Automattic (and others I'm sure) address that is to make the plugin user register with with the service. This way even if someone makes a copy and re-brands their plugin, the service still has a login.
Akismet is not really a good example... as an anti-spam service they encourage software writers to create code that can use their service. There is even a Movable Type plugin as well as Joomla and Drupal.
If your plugin uses your server(s) and you don't have some sort of user validation, then you are guaranteed to have other people using your server(s) for their own usage. Creating something like that and controlling who or what uses that service on the Internet is not trivial.
Posted 1 month ago #
Jan:
You rock. Thanks bunches for all the info.
Good to hear that there's some community oversight in the form of "flagging down" non-GPL inclusions in the directory, and someone behind the scenes @ WP to be responsive to such situations.
Yeah, I'm not quite ready to tackle the burdensome task of issuing API keys to users. Moreover, I want my plugin to be easy to use and ready to roll sans key. I have a plan for monitoring for abuse and I'll see how things go. While I thought I was just being extra cautious, it's interesting to hear you use the term "guaranteed..." as if I should plan for not just possible rogue server access attempts but definite such attemps. Ugh.
-DG
PS OT: Interesting to read your FIOS saga, and congrats on the uber-net-connectivity you're finally enjoying.
You must log in to post.
