Where Is The Line Drawn?

February 8th, 2010

Cory Miller who is one of the guys behind has published a long but excellent piece regarding his thoughts on why there needs to be a commercial WordPress plugin market. Honestly, I think Cory’s post has been the best on the subject and I don’t disagree with much of what he said. In terms of supporting the commercial interest of plugin authors from the plugin repository, there are a lot of questions that need to be answered. We already know that theme authors who sell their themes under the GPL license have been rewarded via a commercial themes page on Back in July of 2009, the BlogHerald asked Matt if the same thing would happen for plugins:

Commercial plugins are already seamlessly integrated with the plugin directory.

I don’t know exactly what that means but if we take a look at the page that lists the restrictions and qualifications to be hosted on the repository, there are no rules against commercialization. Since commercial plugins/authors ARE indeed part of the WordPress community, how should the plugin repository reflect that, if at all? All plugins within the repository are free of charge, so how do you make a business out of that? Although it’s not listed, up-selling appears to be an acceptable practice within the plugin but there are still no rules on how up-selling is considered acceptable. Unfortunately, this is subjective so I’m not sure there will ever be a concrete guideline. But users of the software can certainly be vocal about it to have it changed if they don’t like it. Other questions I have regarding the repository:

If plugins that were freely available on the repository switch to a paid model, can they link to the paid model from their repo page? Post Templates is a good example of this. *UPDATE* Apparently, this is not accepted as Post-Template has been removed from the repository.

Can a plugin author link to a specific place within the readme.txt file that tells users where they can get paid support?

Can a plugin author state that if the end user will be using the plugin on a commercial website, that they HAVE to buy it?

If there are enough signs that the plugin is commercial, will donation links be removed from that plugin’s repository page?

I don’t know the answers to any of these questions and your guess is as good as mine since the answers are not clearly written down in the repository guidelines. What I’m anxiously awaiting is a post by Matt himself weighing in on this sector of the WordPress contributor community and his thoughts on how resources of can be used or not used to support those efforts. He’s made it clear in the past that he loves to see people making a living from WordPress but he’s also been vocal about having a completely different opinion of paying for themes versus paying for plugins.




  1. Cory Miller (3 comments.) says:

    Thanks for the link.

    It will be interesting to see some of the answers to your questions surface in the coming days, weeks, years as I think it’s vital to the continued health of WordPress and more importantly the community that relies on it.

    As I stated in my post I think premium theme and plugin developers contribute a lot to the community in the form of good products but even more so with training and evangelizing WordPress.

    For the record, our work will be GPL … all our themes and plugins are released under the GPL.

  2. Chip Bennett (63 comments.) says:

    First, explicit, objective guidelines regarding up-selling plugins can, should, and must be incorporated into the Repository guidelines.

    There is absolutely no reason whatsoever to leave such guidelines subjective and (worse) unwritten.

    Second, in answer to one of your questions: the GPL very clearly stipulates that no use restrictions may be placed on the end user.

    With regard to WP Highslide, the plugin author is NOT stating that the WP Highslide plugin itself must be purchased if it is used on a commercial site, but rather that the plugin uses a separate library – and it is that library (presumably not released under GPL) that requires purchase if it is used on a commercial site.

    This practice is perfectly acceptable under the GPL. Whether or not it is acceptable under the double-secret probation, unwritten, subjective rules of the plugin repository is anyone’s guess.

    I do know this: given the implicit support given to commercial themes on the web site, it is only right that the same consideration be given to commercial plugins. Further, it is unreasonable to prevent plugin authors from making any mention or reference to their up-sell products from within their plugins.

    Establish, publish, and adhere to fair, objective guidelines.

  3. Charlie Stout (6 comments.) says:

    I’ve been searching for a way to set up a paid subscription area on some of my sites but the marketplace for plugins of this nature just “feels” a bit shady. I can’t seem to find a good “free” plugin in the repository but I have no idea which vendor to trust of the few that I’ve found who offer such functionality at a price.

    Finding a plugin in the repository, be it at /extend or from the dashboard, adds a feeling of legitimacy. I like the convenience of obtaining and updating plugins and themes through the dashboard, and I feel a certain sense of security knowing that hey, I got it from the most legitimate source around.

    As such, I think commercial plugin (and theme) developers should be able to sell their products through the wordpress dashboard. Perhaps Automattic could apply the Apple “App Store” model to commercial plugins and themes. Sharing revenue with developers might afford the personnel required to conduct security reviews of the plugins before approval into the store.

    Regulating the flow of plugins and themes through an “official” security-reviewed system (repository via dashboard) means a healthier internet for us all, and it certainly exposes the developers of plugins who cannot profit from dashboard-based plugin searches to a much larger market of buyers who may not feel comfortable purchasing from a site linked to on a search page listing.

    • Frank Lucas says:

      Charlie, when you say the repository is a “legitimate source”, that’s nice of you but are the plugins’ code reviewed by anybody?

      • Charlie Stout (6 comments.) says:

        I’m no expert on the repository – but I believe that the open source requirement of the repository provides some degree of security, in that a plugin that would possibly do damage would attract attention from those examining the source as it did so.

        If I put a malicious plugin on the repository and only five people actually installed it, well, that’s five computers I’ve infected. Hardly an army. But it would probably fly under the radar.

        Now, if fifty thousand people downloaded my plugin and now fifty thousand instances of WordPress were infected, you can bet that among those fifty thousand users, one of them would be savvy enough to examine the code and cry foul.

        So while I cannot attest to the inherent security of the code in repository-supplied plugins, I can with a small degree of certainty propose that the open-source community would serve the role of policing a threat as it developed and spread with the popularity of the plugin or theme that hosted it.

  4. Carl Hancock says:

    “Finding a plugin in the repository, be it at /extend or from the dashboard, adds a feeling of legitimacy.”

    Just so you are aware Charlie… it’s not hard to add a plugin to the repository. Do not think that just because the plugin resides in the repository that it is 1) more legitimate or 2) better than a plugin that is not available in the repository.

    All it takes to get your plugin in the repository is for it to be GPL and for you to add it… there is no iPhone app store style review process that goes on before the plugin shows up in the repository.

  5. Charlie Stout (6 comments.) says:

    Carl, thanks for the heads up. As I am not a plugin developer, that’s a good bit of insight into the function of the repository.

    Even so, I am more likely to trust a plugin from the repository than a plugin I found fifteen pages deep into a Google search.

    The revenue generated and shared from a commercial plugin/theme store integrated into the repository might well justify the extra precautions necessary to ensure the security of the products in the store.

    Like Cory said in his article, people vote on existence with their wallets. I would definitely cast my ballot for the existence of an official, dashboard-integrated, commercial plugin/theme marketplace in addition to the already excellent free system in place.

    • Steve Media (6 comments.) says:

      “existence of an official, dashboard-integrated, commercial plugin/theme marketplace in addition to the already excellent free system in place.”

      So how bad will it make wordpress look when the premium plugins that people paid for cease to function after a core code update? With all the updates WP does, plugins (and themes) often break. When a plugin or theme was free, who can complain? When it is GPL – you are welcome to adapt it to current needs, as are other people. When a commercial lockdown license keeps things from working, and it was found via an official WP place, like the dashboard, then it makes WP look bad.

      I have seen premium plugins kill another project on the web that I will not name – mainly because they were not or could not be updated to work with new core code that was released. Plug developers blamed the software writers, software writers said they never guaranteed that plugins would function the same after updates.

      End users were left with the choice to continue with unsecure sites, or keep existing functionality that was much needed by their online communities.

      I see this already happening with buddypress – I’d hate to see it happen with wp – of course if all-in-one-seo and others continue to over commercialize, I guess it opens up the door for others to make free plugins and offer them cheaper or with a different business model.

      • Charlie Stout (6 comments.) says:

        How bad broken paid plugins make wordpress look would be a function of the error message displayed by wordpress when a paid plugin malfunctioned.

        I think the app review process would minimize this, as a paid plugin in the proposed plugin store would be reviewed by Automattic staff before the new release.

        I believe that Apple’s developer program keeps developers apprised of changes to the platform, and as such, they have time to update their apps to ensure compatibility. I don’t see why this program could be any different.

        If a developer knows ahead of time that his plugin will break if he doesn’t modify something to accommodate an update of wordpress, then it’s not a question of how bad wordpress would look, but how bad that plugin developer would look for failing to keep his product current.

        I don’t believe a site should suffer due to a conflict of interest between functionality and security – especially if there is paid software involved with the utility of that site. So you see the need, at least on the paid side of things.

        Open source is a good passive security measure, in that you can allow others to review your work for security and compatibility. I think this embodies the spirit of WordPress in democratizing publishing.

        As WordPress is used more and more as a platform for commercial projects (some which may involve components which are not open source) then more active measures should be taken to ensure compatibility and security. Where do the resources for this new level of scrutiny come from? I suggest that if Automattic were to involve itself in the workflow between commercial site developers and plugin/theme developers, I think a revenue sharing app store would yield those resources.

        An official WordPress app store could help minimize the unfortunate scenario you present above.

        • Charlie Stout (6 comments.) says:

          5 hour energy drink = typing goes to crap. Sorry for the spelling and whatnot there.

        • Steve Media (6 comments.) says:

          I am saying it would make WP look bad if it was featured in a premium window in the dashboard as a “we approve this commercial message” kind of thing.

          Now you may be on to something though – perhaps if payments were made through automattic and 20% of the proceeds were kept by them, then maybe they could do a thing like vbulletin does and not only approve, but promise to keep the thing functioning – vbulletin does that with plugins or extensions don’t they?

          You could give developers all the notice in the world, does not mean that any of them will ever return to fix their broken plugins. Paying for a premium plugin should come with a stern warning that its future functionality is in question – many developers, even good ones, run months behind schedule. Some coders are nowhere to be found when an update is made, some people just move on and never return to their old projects. Some people simply can’t get functions to work the way they should.

          Automattic staff reviews the code for buddypress before it is released too – doesn’t mean that it doesn’t break plenty when it comes out – lol, with apps I can only imagine them trying to keep up with hundreds of them.

          Paying for plugins should come with giant buyer beware, and should have a license that allows further development of it. Otherwise I will only choose gpl – it’s the only relative safeguard towards functionality with future versions of WP – or any other software.

          Seriously though, I can only think of two plugins that I would even pay $2 to use, granted I would send $20 right now to get a new version of xx-xxxxxx – but the others – I would have to live without.

          You also have the problems already creeping up with photo albums and buddypress already; people paying for plugins, they have live communities depending on the plugins, and within a couple of versions it will all be broken, and that decision time will suck for everyone involved.

          The same paid plugin issue is what killed phpfox too btw.

        • Chip Bennett (63 comments.) says:

          First, I don’t want the WordPress project team (i.e. core developers) to get into the plugin-review business. They have enough on their hands with WordPress core itself.

          Second, plugin developers have PLENTY of advance warning for new releases of WordPress. The core team does a good job of announcing changes that may break plugins, and the release cycle always includes beta and release-candidate releases against which plugin developers can test their plugins.

          I think, rather than an “official WordPress [plugin] store”, I would prefer to see a built-in means to take advantage of the Admin UI backend plugin-install functionality, and third-party commercial plugins/repositories that take advantage of that functionality.

          In other words, should give the same exposure to commercial plugins as it does to commercial themes, but should NOT get in the business of reviewing/approving commercial plugins.

          • Steve Media (6 comments.) says:

            reasonable plan – I just hope if it was implemented that there would be an open discussion forum somewhere so that people could talk about issues, especially security.

            Relying on a developer’s forums can be very misleading. Installing inside the wp admin interface opens up a lot of trust.

          • Chip Bennett (63 comments.) says:

            Or, I should say, not the plugin-install functionality, but the plugin-update and update-notice functionality.

            Basically, a non-wordpress-repo plugin should be able to tell WordPress its SVN location, so that update notices and auto-updates happen seamlessly for the end user.

            I think that’s more important than plugin-install functionality for non-wordpress-repo plugins. I don’t even know how that would work, and it would take some serious forethought into how it is presented in the plugin-install UI.

          • Carl Hancock says:

            Plugins can already hook into the update notification and receive updates from a location other than the repository. Gravity Forms has automatic upgrades that work just like any other plugin, only the upgrades come from our own repository and not’s SVN.

            It happens behind the scenes and the user doesn’t see any difference in how the update notification or updates work. It just does what it is supposed to do.

          • Chip Bennett (63 comments.) says:


            Then, as far as the user-experience goes, that’s all that’s needed.

            Now, what about the ability to extend the back-end plugin-installation UI, to allow for third-party repos?

            Say wants to set up their own repo, and hook into WordPress, to allow installation using the same UI – complete with their own purchasing/e-commerce solution.

            Is that possible?

            (Obviously, such a plugin would NEVER get approved to be hosted in the repo, for good reason. But could distribute the plugin from their website, in an attempt to drive sales of their commercial plugin offerings.)

  6. Johnson says:

    The difference between a paid theme and most of the freebies is night and day: it is unlikely that I will ever use a free theme again. I have yet to pay for a plugin, but it may be inevitable. Anywho…

  7. Andrew (86 comments.) says:

    You have a point there Charlie. For me too, personally, I also opt for those that are priced because that would mean quality and also better support. There are somehow certain risks involved with free things. However, there are still free things that are good, you just have to keep watch and make sure that others have used it already and it is working really well.

  8. Hikari (14 comments.) says:

    Well I’m starting to publish my developed plugins, and of course it would be nice if I could profit from them.

    My fear is that, when we pay for a theme, it’s only 1 theme to buy, and theme development is also not that hard. But plugins are more essential for WordPress maintenance, nobody is able to alone implement all his needs, and also we have many plugins.

    I have almost 60 plugins in use and I never paid anything for WordPress developers and for any of these plugins, so I feel I must give something from myself too to the community.

    I feel it’s like a trade. I get free plugins and offer free plugins. If I’d have to pay I’d not be able to. It would be better if we moved to a community plugin system (yes, canonical plugins again), with a few ppl cooperatively contributing to each plugin than a commercial system where each plugin is maintained by 1 person.

    But it would be nice to have commercial quality plugins for specific needs too. I for sure would pay a small annual fee for a complete and high quality solution for 1 or 2 of a few needs I have.

  9. Flick says:

    Posting as an end user and not a developer: I really do feel less comfortable having to pay for a plugin (rather than donating) compared with having to pay for a theme.

    Perhaps it’s because I’d feel more confident about being able to resolve issues with themes if a core update sort of ‘broke’ something, whereas the same can’t always be said for a plugin, which – I assume – tends to be rooted deeper into WordPress.

    p/s: Despite the revelations in earlier comments about the review system for the Plugin Repository, it would still be the first resource I would turn for paid plugins if WordPress suddenly became a hive of commercial plugin activity – unless it came well recommended by other WordPress users.

    • George Burley says:

      One of the whole points of commercial plugins is so they are kept up to date when changes are made to the core WordPress files… so things don’t break and you don’t have to worry about fixing anything.

      With free plugins there is no guarantee the developer will be around to update their plugin with each new WordPress release.

      Commercial plugins help bridge that gap by providing their users with peace of mind and updates to keep the plugin up to date with each new WordPress release.

      Plugins and themes aren’t really different, they aren’t rooted deeper into WordPress. Themes can do everything a plugin can do. The primary difference is themes were designed to be the DESIGN and plugins the FUNCTIONALITY… although themes sometimes do far more than design. But as far as capabilities go, they are pretty much the same.

      You will never see a paid plugin area on, that’s pretty much guaranteed NOT to happen.

      • Jeff Chandler (171 comments.) says:

        “One of the whole points of commercial plugins is so they are kept up to date when changes are made to the core WordPress files… so things don’t break and you don’t have to worry about fixing anything.

        “With free plugins there is no guarantee the developer will be around to update their plugin with each new WordPress release.

        “Commercial plugins help bridge that gap by providing their users with peace of mind and updates to keep the plugin up to date with each new WordPress release.”

        I think one of the goals for all plugins, free or paid is to exist without being broken by an update to the core software. That’s just the way it should be. As for your guarantee, the money incentive doesn’t eliminate the risks that the plugin author would leave or do something else with his time or even sell the plugin business to someone else. There are still risks involved.

        • George Burley says:

          There are risks involved with walking down the street. That’s just life.

          If the functionality is something I consider critical, I’ll take my chances with someone who is being paid to provide me with support rather than someone who has no obligation whatsoever to provide me with support.
