(wordpress.org)

172 points ValentineC | 1 comments | 12 Oct 24 18:38 UTC | HN request time: 0.251s | source

Show context

CharlesW ◴[12 Oct 24 19:27 UTC] No.41821726[source]▶

So WordPress-the-org — which is effectively Matt, as far as I can tell — just Sherlocked a developer's plug-in using the developer's own code, ostensibly as retribution for a security issue that the developer had already fixed. https://www.advancedcustomfields.com/blog/acf-6-3-8-security...

What am I missing?

replies(5): >>41821790 #>>41821829 #>>41821872 #>>41821880 #>>41823351 #

sureIy ◴[12 Oct 24 19:44 UTC] No.41821872[source]▶

>>41821726 #

> Sherlocked

The verb you're looking for is stole

Sherloking is when a Walmart is built next to a cornershop. Here the dude tore open the corner shop while claiming to be a victim.

replies(2): >>41821969 #>>41821973 #

CharlesW ◴[12 Oct 24 19:56 UTC] No.41821973[source]▶

>>41821872 #

When I posted, I was under the impression that ACF was open source. But the GitHub repo doesn’t list one, so if it’s not open source…WTF.

replies(3): >>41822031 #>>41822266 #>>41822313 #

1. sureIy ◴[12 Oct 24 20:33 UTC] No.41822313[source]▶

>>41821973 #

Forking isn't the issue. Here they just took the whole ID/address from which existing installations will continue to be updated from. This is theft. I have no doubt it will be added to the lawsuit.

While technically they own the platform and can do whatever they want, there is clearly ill intent here and it'll be used against them.

↑

Secure Custom Fields by WordPress.org