• Kissaki@programming.dev
    link
    fedilink
    English
    arrow-up
    10
    ·
    edit-2
    1 个月前

    What a mess.

    URL is still advanced-custom-fields, but then named Secure Custom Fields. Translations and source repo still map to the old name. It definitely is a takeover, not a “fork” in the classic, established sense.

    The problem with the takeover is, of course, that the original publisher still develops, publishes, and sells their original plugin. Their official website now serves their own version with their own update source.

    So you kinda don’t but also have to rename it to avoid confusion.

    I think a rename to something different is wrong and confusing though. It should add a disclosing addition, like “(Taken Over)” or “Adjusted” or “WPorg edition”.

    A supposed, partial rename is confusing. No information in the README is confusing, intransparent, and disingenuous. No clarity in the release notes is confusing.

    Simply freeing previously and still sold pro features, without disclosing that fact, is very questionable. Not fair to the developers and certainly not transparent to the community.

    Clearing the changelog and release log documentation, removing previously available information, is questionable as well.


    I see in the readme.txt file that the plugin is licensed under GPL.

    So the changes are permissible. And being able to do so is certainly a strength of the FOSS license.


    My biggest issue is that they remove information, and rename without indication. It should be transparent and, within context and concerns, fair. Not like this.


    Looking at the commit log:

    6 days ago, 6.3.6.1 was tagged with

    Security - ACF defined Post Type and Taxonomy metabox callbacks no longer have access to $_POST data. (Thanks to the Automattic Security Team for the disclosure)

    14 hours ago, 6.3.6.2 and rename

    • Security - Harden fix in 6.3.6.1 to cover $_REQUEST as well.
    • Fork - Change name of plugin to Secure Custom Fields.

    It also removes is-pro and pro-license-active checks, but fails to disclose so in the release notes.

    Effectively, it frees pro functionalities.

    It also removes all previous change log and release information.

    • Kissaki@programming.dev
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 个月前

      A strength of the GPL is that the community can fork projects, and “take them over” that way.

      At the same time, and this instance is such a case, on a centralized platform, projects can be taken over instead of be forked.

      They developed and published a plugin. Now it’s been taken over by someone else, on the primary distribution and discovery platform, and they have no control over it. Worse than that, the takeover now offers their sold functionalities for free.

      This makes the “open source but not free, but after two years true FOSS licensed” licenses look very useful if not necessary for businesses and developers that want to monetize. At the very least when they [have to] use centralized platforms.