RFC: Write GPL compliant plugin called Secure Custom Fields

[jjaybrown]

Overview

This suggests an implementation for a custom fields solution that respects both the GPL license requirements and ethical considerations in relation to WordPress and existing solutions like Advanced Custom Fields (ACF).

License Compliance

Our implementation acknowledges WordPress's GPL v2 license requirements. As WordPress is GPL-licensed software, any derivative works, including plugins that integrate deeply with WordPress core functionality, must also be GPL-compatible.

• All code is original work, written from scratch
• No code has been copied from ACF or other existing solutions
• Maintains GPL v2 license compliance throughout the codebase

Ethical Considerations

This implementation adheres to ethical development practices:

• Independent development without reverse engineering of existing solutions
• Proper attribution where third-party libraries are used
• Clean room implementation of features
• Respect for intellectual property rights while maintaining open source principles

Technical Implementation

Our secure-custom-fields solution:

• Uses WordPress core APIs and hooks appropriately
• Implements its own unique approach to field management
• Includes original security measures and data validation
• Features custom UI/UX designed from the ground up

Security Measures

The implementation includes robust security features:

• Data sanitization and validation
• Nonce verification for all operations
• Capability checking for user actions
• Secure data storage practices

Testing

The code has been thoroughly tested for:

• WordPress coding standards compliance
• Security vulnerabilities
• Performance impact
• Compatibility with different WordPress versions

Documentation

Full documentation is provided including:

• Code comments following WordPress standards
• Installation and usage instructions
• API documentation for developers
• License notices and attributions

[kraftbj]

Thank you for writing this up and I appreciate the thought and consideration here. IMO, in an ideal space, such a solution would live in Core rather than as a separate plugin, even if it is behind some constant (e.g. multisite). In the Site Editor world, there is quite a bit that people could build without any plugins if they could register their own post types and meta fields, then use the site editor to add template items as needed.

Some of the points above are out of the scope of my station, though, I think many are very attainable.

[petertwise]

Seems like the main point of this ticket is to try and be a thorough, positive and constructive way of saying that - from at least an ethical standpoint, and probably also a legal standpoint - this should be the approach taken instead of just posting ACF Pro with the licensing code ripped out as has been done with this repo, which is clearly being done with a vindictive spirit given the current relationship between two organizations whose names I won't mention here.

[jjaybrown]

@kraftbj you're a busy little beaver today! Keeping 👀 on to make sure that "Defendants’ officers, agents, servants, employees, and attorneys, and other persons who are in active concert or participation with them" are complying with the orders that The Honorable Judge Martinez-Olguin gave them. Noticing you deleted some branches after you merged- I hope you're meeting your document preservation legal obligations, too! 😁

Not what moves us forward. Please keep discussion clear on making a meaningful change.

[ARehmanMahi]

Man, as much as I hate plugins that break sites unless paid subscription, ACF + Pro is a great product built by Elliot Condon, which some companies bought one after the other.

Matt was angry someone was using an OSS product and not paying $$$ back, why would someone care how anyone uses an OSS for themselves. But no Matt became cry babay.

And lo and behold, here we have SCF, which I feel is okay by the same above definition. Use OSS however, you see fit.

Instead of paying some dude to copy over the code, if WP intentions were for the good of WP, they would have added this in core or made a BETTER plugin from scratch instead of copying from the company we all know WP has a feud with.

P.s. I do hope this plugin removes all the malicious BS intent and, can grow better than any plugin that freaking breaks the website if not paid forcefully.