Reminder about reporting security problems, new plugins policy

This is just a quick reminder that for the protection of all Elgg sites, security issues found in Elgg should be reported to security@elgg.com instead of listed on trac, the community site, or the mailing lists.

How is everyone finding the new plugin area on the community site? Since its launch last week there have been generally positive reviews of it. I am pleased with how it functions but know there are a few oddities and hope to continually improve it. The new plugin area features simpler ways for plugin authors to showcase their plugin, recommend releases to their users, request donations, and link to an external project home page.

Because of these improvements and to help clean away some of the clutter, the following new policies will soon go into effect for plugins:

• Projects must contain a functional plugin. Projects with downloads that contain only images, text files, or other non-plugin files will be deleted.
• Use the built-in images feature. Images in the project description or release notes will not be permitted.
• Use the built-in links for donations, home page address, and code repository address. There is no need to duplicate this information in your description or release notes.

As always, plugins uploaded to the community site must be released under an Open Source license. There are many projects that create an open source version of the plugin but also offer a paid or professional version. This is absolutely fine when it is done tastefully, which I'm happy to say is the case with the current authors of such plugins.

Starting January 29th, 2010, plugins that do not adhere to this policy will be given a warning and then deleted if the policies are not followed. This is the first step we're taking to clean up the community site. In the end, we hope to make the community site a place where Elgg users, developers, and newcomers can trade information easily and without distraction. Be watching for more changes next week!