Post Status Excerpt (No. 70) — Trust and Distrust: Microagressions, Active Install Growth Data for Plugins, and Open Source Security
Post Status Podcasts
English - October 07, 2022 14:05 - 56 minutes - 52 MB - ★★★★★ - 34 ratingsTechnology wordpress web development web design post status agencies wordpress business wordpress professionals developers wordpress news freelancers Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Trust can be betrayed in so many ways or failed even with the best of intentions.
Dan Knauss
In this episode of Post Status Excerpt, Dan and Ny take on three issues in the WordPress community that can threaten or impair trust while also revealing how foundational trust is, especially in open source.
First, they talk about Ny's article at MasterWP, "Enough with this woke stuff: and other racist speech you can unlearn," which explains microaggressions and received a significant number of macroaggressions in reply — but also far more positive support from the community.
Next, "How do we rebuild trust when it's harmed?" is a question that leads into the biggest WordPress story of the week — Matt Mullenweg's apparent decision to shut down access to active install data at the WordPress.org plugin repo due to an unspecified security breach and/or privacy concern. The way communication has happened — or hasn't happened — about this decision is clearly damaging trust in the WordPress community, particularly among business owners with a product in the plugin repository. Ny points out how this all looks to a newcomer to the WordPress community — again, trust takes a beating. But while we lack clarity about the possible return of install data in some form, Dan suggests asking why this data is trusted and valued by many plugin owners. What business decisions can it helpfully inform? Are there alternative and possibly better sources of data about a plugin's users?
Finally, Dan briefly talks about the emergence of draft legislation in the US Senate: the Securing Open Source Software Act. It seems likely that in the near future, US security agencies will be getting people, dollars, and new organizations involved in assessing risk in open-source software. Are WordPress auto-updates critical supply chain infrastructure? When should individual freedoms be exchanged for collective security? When do we need to know what our machines and software are doing? When don't we? Zero-trust architecture might work well for networked machines, but human relationships and communities need trust.
🔗 Mentioned in the show:Nyasha Green, Enough with this woke stuff: and other racist speech you can unlearn (MasterWP)Mark Zahra, A sudden change leaves WordPress plugin devs in the dark (MasterWP)Dan Knauss, Active Install Charts Removed from Plugin Repo (Post Status)Dan Knauss, Open Source Communities: You May Not Be Interested in CISA, But CISA is Very Interested in You (Post Status)Cory Doctorow, Our technology is haunted by demons controlled by transhuman life-forms👋 CreditsNyasha Green, Editorial Director at MasterWP (Twitter)Dan Knauss, Editor for Post Status (Twitter)Olivia Bisset, Web Producer intern for Post Status (Twitter)Every week Post Status Excerpt will bring you a conversation about important news and issues in the WordPress community and business ecosystem. 🎙️
You can listen to past episodes of The Excerpt, browse all our podcasts, and don’t forget to subscribe on Spotify, Amazon Music, Google Podcasts, iTunes, Castro, YouTube, Stitcher, Player.fm, Pocket Casts, Simplecast, or by RSS. 🎧