Right. And actually this small detail is emblematic of the whole problem.
When you roll out an auto-updates mechanism you're saying to the people who enable it "you can trust us to do the right thing with your project while you are elsewhere -- this is a risk but it's one we manage for your benefit".
If you roll out a change for purely political/commercial reasons that are ultimately not your end user's concern -- we're not a party to that lawsuit -- then you're undermining the trust in that mechanism entirely.
It was a stupid, arrogant, underhanded thing to do.
My opinion as well as many as my peers is that ACF could have been rolled into core or bought by Matt long long before it was acquired by WPE, which most of us found as a good thing, being that its a critical plugin and gained long term support.
Plugins have bumps, that's part of the growth, and some of the changes ACF have made as of recent years, even the ones I disagree with, seem well intentioned and not malicious. I can't say the same for what is happening right now.
WP and/or A8C took over the existing plugin, so that sites that have auto-update on were automatically bumped to the SCF version instead of the historical ACF which obviously had a different team of maintainers
(community member, not affiliated with WP, WPE, or A8C)
I can confirm this has been escalated internally in the WP slack.
I can also provide this context which I found concerning, given the way this was taken over and rolled out on a Saturday afternoon, of which I have also been dragged into now as a fellow site maintainer.
- Matt Mullenweg
"in a few days we'll have a Github where people can get involved, and we can also set up proper build systems, etc"
So its all in flux obviously. I let them know the same thing, that I find this as a malicious supply chain attack that is affecting the community.
