Hacker News new | past | comments | ask | show | jobs | submit login

I don't understand, you mean in the case that most people don't patch their WordPress installation, and keep getting updates from WordPress.org?

You have to move all installations to the new ___domain, but you don't have to do that in 1 day. You can create bots scanning the internet for WP installations and mail the webmaster and inform them about the corruption at WordPress and give them info how to patch their instance.

Matt would have to clone all the plugins and keep them up to date by copying the plugins from the new ___domain. But he would be risking a lawsuit for each plugin he does this with. Seems like a lot of work with a lot of risk.




> You have to move all installations to the new ___domain, but you don't have to do that in 1 day.

YES, YOU DO! At least you have to move the majority of all installations day 1. I don't know why you keep repeating this.

Matt stealing a plugin isn't a theoretical issue. He has already done it. It has happened. I'm not constructing some unlikely scenario, I'm telling you what already occurred. WP plugins are GPL licensed, so there's no legal risk if he doesn't behave incredibly stupidly.

You keep throwing technical solutions against a social and economical issue. It doesn't work. There's no technical solution here.

Every plugin you move gradually is a livelihood you potentially destroyed. Can you at least acknowledge this?


Oh yeah ok, I guess I did forget a bit the important detail that most WP plugin developers are making money from a subscription plan on the WordPress.org site. So yeah their income is basically tied to that ___domain name.

Yeah ok, that sucks pretty hard.

Ok, then what about DDOSing wp.org during the entire transition? Just an idea, maybe a bit crazy.




Consider applying for YC's Summer 2025 batch! Applications are open till May 13

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: