A Decentralised Future for WordPress Distribution

Reinventing WordPress package management for plugins and themes – with transparent governance and open to all.

fair.pm
Ryan McCue

Human Made & Altis
• TSC Co-Chair, FAIR Project
• WordPress Core committer, security team member

Formerly
• Creator & Co-Lead, WordPress REST API
• Creator & Maintainer, Requests for PHP
• Project Lead, SimplePie
A full replacement for WordPress.org
• Improved privacy and updated functionality

2) Package Management
• Plugin and theme installation and updates without central servers
• Freedom for developers to choose their host
• Same focus on usability, improved security

Organisation: The FAIR Web Foundation
A series of the Linux Foundation.
• “Technical Side”: Technical Steering Committee and Working Groups
• “Business Side”: Board and Technical Advisory Committee

Shipped in June
Launched this week!
• Industry standard
  Browserslist is used in tools like Webpack, Babel, and many others.
• Checks run entirely on-site
  No browser data ever leaves your WordPress site, preserving user privacy.
• Actually maintained
  Browserslist works automatically using browser usage data and official APIs.
• Open industry standard
  Spearheaded by search engines including Bing (whose data also feeds DuckDuckGo and others).
• Decentralised
  Each IndexNow member accepts pings and forwards them to all the others.
• Actually useful
  IndexNow is actively supported by real search engines in use today.
can’t be installed.

Plugins and themes can only be updated from these third-party sources, not installed directly. The only place new packages can be installed from is WordPress.org.

This creates a terrible user experience, since there’s no place you can find all of the available plugins/themes at once.
works differently.

Every plugin developer has to invent their own solution to this problem by hijacking the WordPress update system.

This creates a burden of work for developers to build their own solution, or bundle one of the many, many libraries. It also can hurt site performance with duplicated code doing the same thing.
to stay safe.

Plugins and themes from external sources have unclear moderation and safety checks applied to them.

While WordPress.org doesn’t catch every problem, it has a moderation team who can monitor and manage plugins. This moderation doesn’t apply anywhere else.

Mirrors of WordPress.org could also be unsafe, since there are no guarantees that packages haven’t been changed.
offer or use alternatives.

Every developer has to use WordPress.org if they want to get access to new users via the plugin install screen. This gives WordPress.org an immense amount of power, going against the goal to Democratize Publishing.

As we’ve seen, WordPress.org is apparently not an official WordPress Foundation website, it’s just a personal website. This places control in one person’s hands.

There’s no ability for developers to run their own hosting and move off of WordPress.org.
& Feedback
   If packages are hosted anywhere, how do we know what’s popular? How do we get reviews?
2. Moderation & Safety
   How do we block malicious or vulnerable packages?
3. Provenance
   How do we make sure users are getting the real package, not a fake one?
& Cautious Federation
Problem 2 & 3

1. Moderation by FAIR
   Turned on for all as a baseline level of protection.
2. Other labelers can be used too
   Allows an ecosystem to form.
3. Careful choice of which repos to federate with
   Expanding over time as we add more layers.
sure users get the “real” package

1. Domain Validation
   Tie plugins directly to domains, like social media handles
2. Host Information
   Shows where it’s hosted.
3. Unique IDs
   Globally unique IDs can be verified.
4. And more…
are nominated to the Technical Steering Committee (TSC). Every member of the TSC is able to vote in leadership elections and other votes. The TSC elects three co-chairs for staggered terms. Decisions are made with lazy consensus where possible, with co-chairs able to mediate and make a final call where needed.
Side”

Paid sponsors through the Linux Foundation comprise the governing board. The governing board advises the project direction, helps to review the roadmap, and directs funds towards project efforts.

FAIR is part of
The components making up the network

FAIR Plugin
User-installable plugin for your WordPress site, connects to the network
Includes technical independence functionality
github.com/fairpm/fair-plugin

Mini FAIR Repo
Self-hostable repository to host your own packages on a WP site. Integrates with Git Updater, others coming soon.
github.com/fairpm/mini-fair-repo

AspireCloud
Mirror of WordPress.org. Transforming into our discovery aggregator.
github.com/aspirepress/AspireCloud
to Contribute

AspireExplore
Public directory for all the packages indexed by AspireCloud.

Future: Analytics Service
Centralised, neutral analytics service providing data equally to everyone.

fair.pm Website
Documentation, news, and policies from the FAIR team.

Future: Moderation Tool
Our built-in moderation service, building off Bluesky’s Ozone labeler project.

fair.pm
github.com/fairpm
chat.fair.pm
fair.pm/packages
any original materials such as diagrams are licensed under CC BY-NC 4.0.

Credits

Photo Credits
Slide 1: Photo by Markus Spiske on Unsplash
Slide 49: Diagrams and screenshots from https://docs.bsky.app/blog/blueskys-moderation-architecture and https://bsky.social/about/blog/03-12-2024-stackable-moderation
Slide 53: Photo by Joe Dudeck on Unsplash
Photo by NASA on Unsplash
Slide 66: Photo by Shane McLendon on Unsplash