The wordpress.org Plugin Repository requires adherence to a few simple guidelines in order for plugin authors to have their plugins hosted there:
- Your plugin must be GPL Compatible.
- The plugin most not do anything illegal, or be morally offensive (that’s subjective, we know).
- You have to actually use the subversion repository we give you in order for your plugin to show up on this site. The WordPress Plugins Directory is a hosting site, not a listing site.
- The plugin must not embed external links on the public site (like a "powered by" link) without explicitly asking the user's permission.
Lately, however, those guidelines have apparently been interpreted somewhat more strictly (emphasis added):
(13:27:03) KnxDT: By the way: Is the GPL header necesary?
(13:27:18) markr: very.
(13:27:28) KnxDT: because WP didn't mention in the standar readme.txt
(13:27:37) markr: Ideally you would include the gpl in a gpl.txt file
(13:27:57) markr: not including the declaration will get it removed
(13:28:10) markr: users have to know what they can do if they wish
I find the assertion that not including explicit license information with a plugin would result in the plugin being removed from the repository to be at odds with the current state of plugins in the repository. To confirm my suspicion that a significant number of plugins hosted at the wordpress.org Plugin Repository did not conform to this requirement, I did a quick audit of both my own installed plugins, and the current Top Ten Most Popular plugins in the repository. I posted my findings in the WPTavern forum. In short:
- Almost 2/3 of the plugins I personally have installed don't have GPL information in the plugin
- 2 of the Top Ten most popular plugins at Extend don't have GPL information in the plugin
- 1 of the Top Ten most popular plugins at Extend violates the requirement that the entire plugin be distributed under a GPL-compatible license
Based on these findings, I decided to audit a few well-known and influential plugin authors - not to pick on the more high-profile developers per se, but rather to determine the state of license inclusion in plugins developed by those who, ideally, should be leading by example.
Here's what I found:
Matt Mullenweg
Plugins:
- bbPress: License File: YES. Plugin Header License Notice: NO.
- HyperDB: License File: NO. Plugin Header License Notice: NO.
- Akismet: License File: NO. Plugin Header License Notice: NO.
- Close Old Posts: License File: NO. Plugin Header License Notice: NO.
- SyntaxHighlighter Plus: License File: YES. Plugin Header License Notice: NO.
- Yahoo Autotag: License File: NO. Plugin Header License Notice: NO.
- Twitter Friends: License File: NO. Plugin Header License Notice: NO.
- Top Comments: License File: NO. Plugin Header License Notice: YES.
- Matt's Community Tags: License File: NO. Plugin Header License Notice: NO.
- Random Redirect: License File: NO. Plugin Header License Notice: NO.
- Hello Dolly: License File: NO. Plugin Header License Notice: NO.
- Sympathy For The Devil: License File: NO. Plugin Header License Notice: NO.
- Google AdSense for Feeds: License File: NO. Plugin Header License Notice: NO.
- Cache Images: License File: NO. Plugin Header License Notice: NO.
- Advanced Caching: License File: NO. Plugin Header License Notice: NO.
- fauxML: License File: NO. Plugin Header License Notice: NO.
- Admin IP Watcher: License File: NO. Plugin Header License Notice: NO.
- No WWW: License File: NO. Plugin Header License Notice: NO.
- Firefox Counter: License File: NO. Plugin Header License Notice: NO.
- WYSIWYG Editing: License File: NO. Plugin Header License Notice: NO.
- Staticize Reloaded: License File: NO. Plugin Header License Notice: NO.
- Blogtimes: License File: NO. Plugin Header License Notice: NO.
- Protect Old Posts: License File: NO. Plugin Header License Notice: NO.
Notes:
- bbPress was originally a stand-alone script, that included a license.txt file.
- SyntaxHilighter Plus was written by Viper007Bond, but credited to Matt.
- Top Comments was written by Andrew Ozz.
- Sympathy For The Devil was written by Jeff Schult
Summary:
(0/19) of Matt Mullenweg's plugins written as a plugin and maintained by him have license notice of some kind. Shockingly, the majority of Matt's plugins lack even a readme.txt file.
Mark Jaquith
Plugins:
- Quiz: License File: NO. Plugin Header License Notice: NO.
- I Make Plugins: License File: NO. Plugin Header License Notice: YES.
- Page Links To: License File: NO. Plugin Header License Notice: YES.
- Woopra Analytics Plugin: License File: YES. Plugin Header License Notice: YES.
- Bad Behavior: License File: NO. Plugin Header License Notice: YES.
- Category Checklist Expander: License File: NO. Plugin Header License Notice: YES.
- Gravatar Signup: License File: NO. Plugin Header License Notice: NO.
- Forget User Info: License File: NO. Plugin Header License Notice: NO.
- Antispam Collateral Condolences: License File: NO. Plugin Header License Notice: NO.
- WordPress Version Check: License File: NO. Plugin Header License Notice: YES.
- Comment Inbox: License File: NO. Plugin Header License Notice: NO.
- Age Verification: License File: NO. Plugin Header License Notice: YES.
- Subscribe to Comments: License File: NO. Plugin Header License Notice: NO.
- Subpage Listing: License File: NO. Plugin Header License Notice: YES.
- Redirect Old Slugs: License File: NO. Plugin Header License Notice: YES.
- Kramer: License File: NO. Plugin Header License Notice: YES.
- Clutter Free: License File: NO. Plugin Header License Notice: NO.
- Multiple Authors: License File: NO. Plugin Header License Notice: YES.
- Page Hover Titles: License File: NO. Plugin Header License Notice: NO.
- Identify External Links: License File: NO. Plugin Header License Notice: YES.
- Nice Categories: License File: NO. Plugin Header License Notice: YES.
Summary:
(13/21) of Mark Jaquith's plugins have license notice of some kind (including one with both a license.txt file and plugin header license notice).
Ozh
Plugins:
- YOURLS: WordPress to Twitter: License File: NO. Plugin Header License Notice: NO.
- Ozh' Admin Drop Down Menu: License File: NO. Plugin Header License Notice: NO.
- Liz Comment Counter by Ozh: License File: NO. Plugin Header License Notice: NO.
- Ozh' Better Plugin Page: License File: NO. Plugin Header License Notice: NO.
- Ozh' Absolute Comments: License File: NO. Plugin Header License Notice: NO.
- Ozh' Better Feed: License File: NO. Plugin Header License Notice: NO.
- No Login: License File: NO. Plugin Header License Notice: NO.
- Ozh' Who Sees Ads: License File: NO. Plugin Header License Notice: NO.
- Ozh' Random Words: License File: NO. Plugin Header License Notice: NO.
- Ozh' FAQ Auto Responder: License File: NO. Plugin Header License Notice: NO.
- Ozh & COLOURlovers' Admin CSS Designer: License File: NO. Plugin Header License Notice: NO.
- Ozh' Click Counter: License File: NO. Plugin Header License Notice: NO.
- Ozh' Auto Moderate Comments: License File: NO. Plugin Header License Notice: NO.
- Ozh' IP To Nation: License File: NO. Plugin Header License Notice: NO.
- Ozh' Correctly Spell WordPress: License File: NO. Plugin Header License Notice: NO.
- Ozh' Avatar Popup: License File: NO. Plugin Header License Notice: NO.
Summary:
(0/16) of Ozh' plugins have license notice of some kind.
Peter Westwood (westi)
Plugins:
- wp smtp contact form: License File: YES. Plugin Header License Notice: YES.
- WordPress Beta tester: License File: NO. Plugin Header License Notice: NO.
- PJW JS Hotkeys: License File: NO. Plugin Header License Notice: YES.
- PJW Mime Config: License File: NO. Plugin Header License Notice: YES.
- WP Contact Form: License File: NO. Plugin Header License Notice: NO.
- PJW Blogminder: License File: NO. Plugin Header License Notice: NO.
- WordPress Version Check: License File: NO. Plugin Header License Notice: YES.
- PJW Query Child Of: License File: NO. Plugin Header License Notice: NO.
- PJW Page Excerpt: License File: NO. Plugin Header License Notice: NO.
Summary:
(4/9) of Westi's plugins have license notice of some kind (including one with both a license.txt file and plugin header license notice).
Viper007Bond
Plugins:
- WordPress Admin Bar: License File: NO. Plugin Header License Notice: YES.
- SyntaxHighlighter Evolved: License File: YES. Plugin Header License Notice: NO.
- Enable oEmbed Discovery: License File: NO. Plugin Header License Notice: NO.
- jQuery Lightbox for Native Galleries: License File: NO. Plugin Header License Notice: NO.
- YOURLS: Short URL Widget: License File: NO. Plugin Header License Notice: NO.
- Local Time: License File: NO. Plugin Header License Notice: NO.
- Breadcrumb Titles for Pages: License File: NO. Plugin Header License Notice: YES.
- Viper's Video Quicktags: License File: NO. Plugin Header License Notice: YES.
- Regenerate Thumbnails: License File: NO. Plugin Header License Notice: YES.
- Clean Archives Reloaded: License File: NO. Plugin Header License Notice: YES.
- oohEmbed: License File: NO. Plugin Header License Notice: NO.
- Dashboard: Pending Review: License File: NO. Plugin Header License Notice: NO.
- Twitter Tools: bit.ly Links: License File: NO. Plugin Header License Notice: NO.
- WordPress Download Counter: License File: NO. Plugin Header License Notice: NO.
- WordPress.org One-Click Install: License File: NO. Plugin Header License Notice: NO.
- Registered Users Only: License File: NO. Plugin Header License Notice: NO.
- Phone: License File: NO. Plugin Header License Notice: NO.
- SyntaxHighlighter Plus: License File: YES. Plugin Header License Notice: NO.
- Dashboard: Scheduled Posts: License File: NO. Plugin Header License Notice: NO.
- Disable Trackbacks: License File: NO. Plugin Header License Notice: YES.
- Dashboard Widget Manager: License File: NO. Plugin Header License Notice: NO.
- Direct Image URLs for Galleries: License File: NO. Plugin Header License Notice: YES.
- Disable Theme Preview: License File: NO. Plugin Header License Notice: YES.
- More To The Top: License File: NO. Plugin Header License Notice: YES.
- Allow Numeric Stubs: License File: NO. Plugin Header License Notice: YES.
- Dashboard: Latest Spam: License File: NO. Plugin Header License Notice: NO.
- BBCode: License File: NO. Plugin Header License Notice: YES.
- Dashboard: Draft Posts: License File: NO. Plugin Header License Notice: NO.
- Chili Code Highlighter: License File: NO. Plugin Header License Notice: YES.
- Global Plugin Update Notice: License File: NO. Plugin Header License Notice: NO.
- Dashboard Fixer: License File: NO. Plugin Header License Notice: NO.
- Templatedia: License File: NO. Plugin Header License Notice: NO.
- Battlefield 2 Stats: License File: NO. Plugin Header License Notice: NO.
- Templatedia Chess: License File: NO. Plugin Header License Notice: NO.
- Viper's Plugins Used: License File: NO. Plugin Header License Notice: NO.
Notes:
- SyntaxHighlighter Evolved includes license.txt file from original SyntaxHighlighter written by Andrew Ozz
- SyntaxHighlighter Plus includes license.txt file from original SyntaxHighlighter by Alex Gorgatchev
Summary:
(11/33) of Viper007Bond's plugins have license notice of some kind.
Overall Summary
Overall, for the plugin authors listed, only 28 out of 107 plugins (26%) have license notice of some kind (including two plugins that have both a license.txt file and a plugin header license notice). And the number is only that high thanks to Mark Jaquith, without whom the percentage of plugins with license notice of some kind would drop to less than 18%. Only 2 out of 107 plugins (<2%) include both a license.txt file and license information in the plugin header.
I find these numbers to be downright shocking, considering the unwritten rule now being enforced regarding removal from the repository of plugins that lack license disclosure, as well as the assertion that plugins should "ideally" include a license.txt file.
Let me be clear: I fully support the effort to ensure that plugin authors explicitly disclose license information in their plugins, either in the plugin header or in a separate license.txt file. The assertion that users need to be given explicit explanation of their rights to use, modify, and distribute plugins.
That said, perhaps those in the WordPress project leadership, and the plugin developers whom others look up to, should ensure that they are leading by example before a more-strict interpretation of the Plugin Repository guidelines is enforced against plugin developers at large.
Further, since new plugin developers will likely refer to the official wordpress.org Plugin Repository Readme File standard (which currently is silent on the matter of license disclosure) when determining what information needs to be included with their plugins, I would recommend that the standard be modified to include a License section - perhaps something like such:
== License ==
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
This way, new plugin authors would have a standard means of disclosing license information in their plugin - and also, users searching Extend for new plugins would have a known means of determining the license of any given plugin.
What are your thoughts?
Auditing WordPress Plugins for License Information – http://www.chipbennett.net/wordpress/201…
@chip_bennett very interesting.
Only 26% of plugins by @photomatt, @markjaquith, @westi, @ozh, @Viper007bond in #wordpress .org repo disclose license http://www.chipbennett.net/wordpress/201…
RT @chip_bennett: Only 26% of plugins by @photomatt, @markjaquith, @westi, @ozh, @Viper007bond in #wordpress .org repo disclose license …
@chip_bennett Interesting.. I guess at the moment it is mostly implicit rather than explicit.. will make mine explicit #wordpress
@westi please read the linked post. I would love to hear your thoughts. (btw this all goes back to a @WPTavern thread)
@chip_bennett lol nice stats!
@williamsba did you read the whole thing? Stop by and join the conversation!
@chip_bennett All of my plugins are released under the exact same license as WordPress — GPL. I’m just lazy/forgetful.
@Viper007Bond hopefully not taken personally. I know all of you have released under GPL. Please give a quick read, and add your thoughts.
@chip_bennett My thoughts are that I think Mark was dealing with a dirty spammer and was therefore following the “law” to the letter. 🙂
@Viper007Bond definitely not a “dirty spammer” in this case, just uninformed. Judge for yourself, though: http://www.wptavern.com/forum/plugins-ha… (@WPTavern)
@chip_bennett Forcing a link to your site is one thing (still bad though), but he purposely obfuscated it. That right there says it all.
@chip_bennett That right there says it all about his intentions I mean.
@Viper007Bond but when we pointed out why it was wrong, he immediately removed the obfuscation. Misunderstanding, not bad intention, IMO
@chip_bennett Name one good intention that comes from code obfuscated. 😉
@chip_bennett Name one good intention that comes from code obfuscation. 😉
@Viper007Bond well, in this case, someone learned a valuable lesson about GPL and the WordPress community. 🙂
@chip_bennett I have a message on my site specifying then as GPL, but yeah, need to explicitly say it, each time.
@markjaquith see @westi’s suggestion on the #WP dev chat agenda for tomorrow. I think it will address the issue perfectly.
Interesting.
I wonder if a Licence: GPL2 style header might be a better solution.
@Peter Westwood
I think that would be a great solution, too – and it fits with what I currently do.
What I do right now is put the following in the plugin header:
* License: GNU General Public License, v2 (or newer)
* License URI: http://www.gnu.org/licenses/old-licenses/gpl-2.0.htm
To be honest I never include a license.txt file with my plugins. I try to always include a plugin header license, but I’m sure I’ve forgotten in some of my plugins.
I always just assume anything I put on WordPress.org is GPL. I think everyone should have that assumption.
@Chip Bennett:
I’ve added this to the Agenda for tomorrows dev chat as I would like to close the loop on it and publish some recommended best practise.
I prefer a slug type approach for the Licence: field as it would be easier to automate review.
So we could have GPL2 like in my example.
I like the idea of using a URI to link to the licence rather than cluttering svn with many licence.txt files.
@westi:
Hey, that’s great! Hopefully I’ve been able to contribute something positive to the discussion.
@Brad:
Yeah, I really think requiring a license.txt file with every plugin is overkill. For a web application, it is reasonable to assume that the user can click a link to read the text of the license.
I would assume so, as well, to be honest. Since the repository requires that all plugins hosted there be GPL-compatible, it is reasonable to assume that, if nothing is explicitly disclosed, that the license is GPL-compatible.
But, ultimately, it is better to have explicit disclosure, to eliminate any confusion.
It might be annoying, but actually, the GPL requires the license be included.
http://www.gnu.org/licenses/gpl-faq.html#WhyMustIInclude
I don’t know how this would work, but I wonder if there is a way to add it after the fact to those plugins in extend that don’t include already include it. Not sure how that would affect Subversion repos and currently active development in them.
@Kenneth Younger:
So, since the plugin is a derivative of WordPress, what if the plugin simply referred the user to the license.txt included with WordPress itself?
While the gnu.org GPL link may change or disappear, presumably the license.txt included with WordPress would always exist, in perpetuity.
Would that be acceptable?
The recent discussions you have been involved with have given me cause to add to each plugin I release (and subsequent updates) into the WordPress repository a notice to the effect they are released under a GPL license, with an appropriate link to the license text.
I add the GPL reference to the “Other Notes” part of the readme.txt file; and, the header details of the primary plugin file as well. I do not include a full license text file as that, IMHO, would simply create bloat.
Thank you very much