Reporting BobPay for unethical behaviour

Lol the plugin got suspended within 24hrs but it sounds like Bob Pay took over 2 weeks to acknowledge until you mentioned it here. That's really good turnaround time by the review team for WP.
 
LOL I went through the various plugin versions of this... the code was entered into the plugin in version 1.0.7

https://plugins.trac.wordpress.org/browser/bob-pay/tags/1.0.6/bobpay-plugin.php - doesn't exist
https://plugins.trac.wordpress.org/browser/bob-pay/tags/1.0.7/bobpay-plugin.php#L115 - does exist...

this version was uploaded

Last change on this file was 3005041, checked in by bobgroup, 2 years ago

now sure the whole "a junior added it.. we didn't know" then how come that same code has been CHANGED a few times... juniors don't go around changing bits of code willy-nilly... most of them fear for their lives and only work on what they have been told....


I'm proper 1, 2, skip-a-fewing here.. I didn't go through every version... I just jumped a few ahead
1.0.7: [screenshot 1771425507522.png]

1.1.1: [screenshot 1771425629403.png]


glad to see they actually removed the code 3h ago....

 
@Jan I hope you don't mind me pointing this out, but there's a minor error in the article
Higgins confirmed that WordPress owner Automattic had temporarily placed the Bob Pay plugin on hold due to the investigation.

“We have since pushed a fix and are awaiting approval from Automattic to make the plugin live again. We have also responded directly to them and are waiting for their feedback,” he said.
Automattic doesn't place the plugins on wordpress.org on hold, the plugin review team does, which is a group of volunteers. (https://make.wordpress.org/plugins/)

Automattic owns WordPress.com (yes, it causes confusion, which we try our best to resolve: https://learn.wordpress.org/lesson/what-is-the-difference-between-wordpress-org-and-com/), and many folks at Automattic are sponsored to work on the open source project, but Automattic the company wouldn't have triggered this, or have anything to do with reviewing the updates and making it live again.

I work at Automattic, but I also happen to be a plugin review team member, although in my spare time.
 
What makes me sad reading this thread is how difficult it is to get proper support from big companies.
The OP reported it to Bob, 2 weeks later nothing, and something only gets done after he has to go to all the schlep of starting this thread and reporting the add-on, and even then something is only done when the managing director of Bob gets to hear about it.
Which basically means many people with legitimate issues will just fall between the cracks because they don't have these avenues at their disposal and the support staff that should be helping them don't give two shts about resolving problems.
 
Pulling a Windows here? The concerning thing for me is what else the junior dev could have left behind. When it comes to open-source projects like this it's impossible to verify a whole piece of code against guidelines and I think a whole code audit would be in order.
 
This code was added by a junior developer who is no longer with the company but you are right we dropped the ball on this one. It should have been rectified sooner.
Not great throwing a junior under the bus, even if not explicitly named. It does not reflect poorly on the junior, who is expected to make mistakes, it reflects poorly on your process. Lack of reviews, oversight and mentoring, testing etc.
 
CEOs throwing staff under the bus is a great look. The culture at Bob shop must be incredible lol. If this is how easy the CEO throws staff... That runs deep.

Also how easy it is for the CEO to lie to the public....

Only reason they gave a flying cow patty about this user's request was 'cause pressure was added (and WordPress got involved). I saw some of the responses the user got from support that it's actually expected behaviour, almost like support knew about it..... Go figure

My take away...

Bobshop are led by a CEO that shouldn't be there (no true leader shoves people under the bus for their company's failings)...

WordPress report thing actually works really really well... Well done WordPress! Also the dude from the company doing WordPress getting involved here was a nice touch.

I won't be using Bobshop anymore for any business. I'm not even really mad at the code bit (think it's highly unethical and no chance a junior did that without being instructed to do so)... But the responses were ludicrous
 
FWIW, any WordPress plugin hosted on the WordPress.org plugin directory that violates the WordPress plugin guidelines can be reported by emailing [email protected]. Having an official plugin review team that treats each case on its own merit is (hopefully) building the kind of trust that you're seeing here.
Also the dude from the company doing WordPress getting involved here was a nice touch.
One of my colleagues shared the MyBroadband article in our internal company Slack. Being a member of the plugin team, of course, I had to chime in :).

But also, as a long-time WordPress contributor, organiser of WordPress Cape Town meetups and WordCamps, and only recently an employee of Automattic, the lines between Automattic and the WordPress project are often confused by those outside the "WordPress bubble" (which I do understand), so I do what I can to help clarify those differences.

(What I really need to do is try to remember my login for my original MyBroadband account. The problem is I can't for the life of me remember, and I think my old email address is now dead)
 
@chickenbeef

I don't totally see them doing anything funky like that in the code.. but I'm not too sure if this is expected behaviour (they are defining a few things on the WooCommerce settings side)



their dev department must be burning at the mo lol. my guess is that the bosses are in the office screaming at the devs to hurry up and bury the evidence lol

-----------

can I just say.. thank you WordPress for making all of this publicly accessible! they could so easily have made it closed up like Shopify that we can't view the code but now we can call out companies doing bad things like this at least
 
can I just say.. thank you WordPress for making all of this publicly accessible! they could so easily have made it closed up like Shopify that we can't view the code but now we can call out companies doing bad things like this at least
You can thank the original GPL license under which WordPress was released :) . Any WordPress derivatives (including plugins and themes) that want to be hosted and distributed on WordPress.org directories also have to be licensed under the GPL. While I do agree that Shopify is easier from a "getting the store up and running quickly" point of view, the open-source nature of WordPress, and its plugins and themes, can't be beaten for this very reason. If a developer is doing bad things, it's easy to pick up.
 
Got another response from their support.
Seems they are changing their tune.
____________
Good day

Thank you for taking the time to share your feedback with us. We appreciate you raising your concerns.

We value your feedback as it helps us identify areas of concern and take the necessary steps to improve our processes. Our technical team is currently working on resolving the issue as a matter of priority.

Thank you again for bringing this to our attention. If you have any further concerns or additional details you would like to share, please feel free to reach out.

Kind regards,
 
Seems they are changing their tune.
Having some fingers trapped in the lid of a closing cookie jar has that effect.

Surely you deleted the plugin and will not reinstall? You have PayFast, and while Peach presents its own issues they're not malicious.
 
This code was added by a junior developer who is no longer with the company but you are right we dropped the ball on this one. It should have been rectified sooner.
Wow, as a director of a development house myself I would never throw my staff (current or who has left) under the bus like that and use it as an excuse.

Hopefully you have good processes in place because this would have come from PM, estimation, speccing, code, code review, qa and finally to prod.

You are saying none of those processes picked this up?
 