
A strange offer from third-party to give them repository access (21 posts)

  1. FractalizeR
    Member
    Posted 2 months ago #

    Hello.

    I've got a strange letter today from some "bestweblayout.com" company. Here it is:

    "Hello Vladislav.

    My name is Grigoriy and I am a representative of BestWebLayout. Our team specializes in WordPress development services.

    We saw that your WP-SynHighlight plugin was updated more than 4 years ago. We would like to offer you our assistance and participation in further development and maintenance of this plugin. In other words, we would like to get your permission and access to plugin repository on wordpress.org. In such way we will become the plugin contributors along with you and will be able to control testing and development of this tool within the WordPress community.

    Our activity will include plugin updates, compatibility testing, support, etc.

    We have already talked to WordPress support team (they said that WordPress is open-source community and such contribution is welcome), who asked us to contact you with such a request. Please let me know if you are ready to accept our offer. Feel free to contact me with any questions.

    Thanks!

    Grigoriy"

    Their website is VERY strange for a "team of professionals" they claim to be. And the offer itself is a little strange. If I want to contribute, I donate code. I don't ask for write access to the repository.

    Isn't this a method of spreading some unwanted PHP code via WordPress plugins like it is now done with Chrome (virus or other unwanted crap authors buy popular addons and "enhance" them)?

    Does anyone actually know this company and can confirm we can trust them?

  2. esmi
    Theme Diva & Forum Moderator
    Posted 2 months ago #

    "If I want to contribute, I donate code. I don't ask for write access to the repository."

    However, you would have to give permission for their names to be added to the plugin as contributors.

    "Isn't this a method of spreading some unwanted PHP code via WordPress plugins"

    I'm sure that some people do try this but the very hard-working plugin review team weed these out.

    If you are not comfortable with this "offer", then you could always suggest that they fork your plugin and develop the new fork themselves.

  3. FractalizeR
    Member
    Posted 2 months ago #

    Well, that's the main thing. It's not about me being comfortable. I just want to know if they are trustable or not.

    The offer itself may be legitimate, but all depends on people making it.

  4. Code Master
    Member
    Posted 2 months ago #

    I got the same offer and I suggested they should submit a patch to one issue before I can grant them access. Still they insist they need to be listed as a contributor.

    Seems incompetent or malicious.

  5. "Still they insist they need to be listed as a contributor."

    Then don't accept the patch and don't list them. Or come up with your own patch.

    "Seems incompetent or malicious."

    I think it's odd myself but you don't have to grant them what they want. You can even ignore the request. ;)

    If it gets to the point of harassment (NOTE that I am not accusing anyone of anything!) please report that behavior to the plugins [at] wordpress.org email so they can at least be aware of that.

  6. FractalizeR
    Member
    Posted 2 months ago #

    Well, reporting them to plugins@. I don't like this.
    Thanks.

  7. FractalizeR
    Member
    Posted 2 months ago #

    Guys at plugins@ responded that they don't have any previous record of any contact from BestWebLayout, BTW.

  8. "We have already talked to WordPress support team (they said that WordPress is open-source community and such contribution is welcome), who asked us to contact you with such a request."

    1) As FractalizeR said, no we did NOT ask them to contact you.

    2) If we DID we would have said "Try to contact the developer to ask if they'll add you..."

    It's possible they took that the wrong way, but at any rate, feel free to tell them no :) It's your plugin. Do what you want to do.

  9. PJvanErp
    Member
    Posted 2 months ago #

    Got a similar e-mail, don't trust it for a bit.

  10. Can you forward the email (headers and all) to plugins at wordpress.org please?

    I'm about ready to hit 'em with a brick.

  11. Code Master
    Member
    Posted 2 months ago #

    Sent to plugins at wordpress.org.

    Thank you very much!

  12. PJvanErp
    Member
    Posted 2 months ago #

    done!

  13. bestweblayout
    Member
    Posted 2 months ago #

    We aren't involved in any illegal affairs. Earlier on the forum there was a question about the possibility of cooperation with the authors of neglected plugins. And it said that it is not a problem to cooperate with the authors. So we decided to help the WordPress community with these plugins. We only collect information about plugins which were simply neglected by authors and have not been updated with the latest changes of WordPress. Some of the authors refused, but some of them agreed. Sorry that it looks like spam.

    http://wordpress.org/support/topic/old-plugins-contribution?replies=10

  14. It looks like spam because you're sending this out to a LOT of people, and as of yet, haven't done anything with the plugins. Which is, sadly, a tactic of some spammers. They'll take over legit plugins and turn them into guideline violation spam fests.

  15. "We only collect information about plugins, which were simply neglected by authors and have not been updated with the latest changes of WordPress."

    I'm not suggesting any ill will but why would you insist on becoming a plugin contributor? Getting access like that to all those plugins really seems questionable and is something that can be abused as Mika said above.

    Submitting patches is cool but making that a requirement isn't something that should be done wholesale like that IMHO.

    If you have not been making that insistence then I apologize for any misunderstanding on my part.

  16. Jeff Sayre
    Member
    Posted 2 months ago #

    I received the exact same email this morning with the exception, of course, that they listed my older plugins. There are several issues with this approach that immediately made me flag the email as spam and alert others to a potential threat.

    One, anyone is free to fork a plugin and develop their own version. Many plugin authors are very appreciative if someone forks one of their outdated plugins, updates it, and makes it available to everyone on the repo. It is common courtesy to inform the original dev(s) when they wish to do this. In fact, one of my plugins listed in this email has already been forked and updated (the new dev notified me beforehand).

    Two, the fact that the email makes it appear that they have "approval" from the WP repo team to contact me is another big, red flag. No one requires approval from anyone at WP to contact a plugin author. I receive emails all the time about updating my plugins.

    Three, anyone whom I do not know that contacts me out of the blue and asks for login credentials, or access permissions to any of my repos, is just asking to be blocked. This is bad form. Providing such credentials to an unknown, therefore untrusted party, is never wise as it could be a significant security threat. Malicious code could be entered into your plugin and you, in effect, would be complicit in its insertion. If you do not know someone, it is never wise to team up with them without fully vetting their integrity and the quality of their work.

    Besides, the request is not even necessary as per item one above -- they are free to fork my plugins as long as they give me credit and follow all of the WP repo rules and overall WordPress community common courtesies.

    The fact that this person (group of people?) is still using the exact same email template even after receiving feedback in this thread about the bizarre language and assertions, gives me even more reason to be suspicious. If they are truly offering an acceptable, innocuous partnership, they need to rephrase their email and stop implying an "approval" from anyone at WordPress.

  17. bestweblayout
    Member
    Posted 2 months ago #

    We are not spambots. We are real people and real community members. We do not have "approval" from the WP team to contact plugin authors, we just asked for the ability to become a contributor and how we can do it. And they said that yes, this is possible, but only with the consent of the author. So we write directly to authors. We just want to support great plugins (such plugins are selected by us) which were updated a long time ago. And for this purpose we need to get access to repositories so that existing users could receive updates automatically.

    We also have some stages of work like every project. At this stage, we write to the plugin authors who didn't update their products long ago. Of course, we study and analyze each plugin before sending the letter with the contribution offer to the plugin authors. Probably our letters look identical or like spam, but it's only because there are a lot of authors and plugins, and we just cannot write a full review with future plans and changes which will be implemented (because we need to receive approval from the author first). After receiving a consent or refusal for all plugins that interest us, we will start the following stage of direct development and introduction of updates.
    We have no reason to add malicious code. This is stupid.

    We just offer our help to the community. You may accept this offer or reject it. We have already got approvals from certain number of authors who do not have any plans on updating their products.

  18. People would feel a lot better if you and your group do something with the plugins you've already taken over, and prove that you're going to improve our community.

    Like I said, it looks spammy because, in part, you've done nothing with them. Change that, change our perceptions :) oh and please stop telling people you've already talked to the "WordPress Support Team." It implies you talked to the plugin team (you didn't) or maybe the WP forums support mailing lists (you didn't). You may have talked to one person, but you did not talk to the team as far as I know, and I'm on both.

  19. bestweblayout
    Member
    Posted 2 months ago #

    We'll let you know about our done work! Currently we have a process of studying and analyzing these plugins. Soon we will provide a progress report. Stay tuned!

  20. See ... that bothers me (personally). You didn't analyze or study them before asking to take them over?

  21. pandan1
    Member
    Posted 1 month ago #

    I got the same offer and I suggested they should submit a patch to one issue before I can grant them access. Still they insist they need to be listed as a contributor.
