[wp-hackers] Code reviews for plugins?

Heiko Rabe heiko.rabe at code-styling.de
Thu Aug 19 21:12:44 UTC 2010


It would be a good idea to check plugins, no doubt. But if you introduce
such a rating or flagging system which additionally can be filtered on, you
would imply that all not yet reviewed plugins are crap. You would give
advantage to the already reviewed plugins and it sticks until the review has
taken place and reached a particular plugin.
During this time delay a well done plugin will be presented to the audience as a
"bad" one, which is wrong but felt so by the audience for psychological reasons.
Keep in mind that this also affects the download and utilization rates of
plugins!

Second concern: I would approximate the number of code lines over all
plugins at least 10851 plugins multiplied by an average of 2000 lines = approx.
20 million lines of code at least! I think it's a huge bunch of work to
read through the code, understand it, look for security holes, XSS attack
vectors etc.
So the time this will take is extraordinary and I'm afraid that some
things are not possible to understand inside some plugins without deeper
knowledge of what they are made for.

Don’t get me wrong, I vote for this review cycle. But also don’t miss these
points when thinking about it.

Heiko Rabe
(www.code-styling.de)

-----Original Message-----
From: wp-hackers-bounces at lists.automattic.com
[mailto:wp-hackers-bounces at lists.automattic.com] On Behalf Of Paul
Sent: Thursday, 19 August 2010 22:32
To: wp-hackers at lists.automattic.com
Subject: Re: [wp-hackers] Code reviews for plugins?

+1 on this. 

P-

On Aug 19, 2010, at 4:08 PM, Daniel Bachhuber wrote:

> I think it's a great idea as well. My coding has benefited tremendously
> from the generosity of others, and I'd love to start being able to give
> back.
> 
> On 19 Aug 2010, at 4:01 PM, Eric Mann wrote:
> 
>> I, for one, would love to participate in a peer review process.
>> 
>> I recommended last year that someone* put together a group of developers to
>> review plug-ins.  I was hoping we could flag "reviewed" plug-ins in the
>> repository to give them a bit of extra work - like verifying that a new version
>> really does work with the version of WordPress it claims to.  If we *could*
>> flag such plug-ins, it would give the quality ones more weight and allow for a
>> quick filter or search.
>> 
>> In any case, +1 on the idea.  And seriously, keep us apprised regarding any kind
>> of wpcodereview.com collaboration.
>> 
>> On August 19, 2010 at 7:44 PM Mike Schinkel <mikeschinkel at newclarity.net> wrote:
>> 
>>> Matt:
>>> 
>>> I had the same idea recently and registered http://wpcodereview.com for that
>>> purpose.  Want to collaborate?
>>> 
>>> Another option might be to see if we could somehow use the voting mechanism
>>> that works so well to surface reviews of plugins on WordPress Answers[1]?
>>> 
>>> Whatever the case, +1 on the concern and the desire to do something about it.
>>> 
>>> -Mike
>>> [1] http://wordpress.stackexchange.com/
>>> 
>>> 
>>> On Aug 19, 2010, at 3:39 PM, Matt Jacob wrote:
>>> 
>>>> Fact: the quality of plugins in the repository is generally pretty low.
>>>> 
>>>> Obviously, there are exceptions, and those exceptions rise to the top and
>>>> become more popular. But for the 10,000-some plugins listed, I bet that
>>>> fewer than 100 of those would be considered best practices in plugin
>>>> development. Unfortunately, most---not all---plugin developers probably
>>>> don't even give a crap.
>>>> 
>>>> For those developers who *do* give a crap (or several craps), and who *do*
>>>> want to publish high-quality plugins, what resources are available? I was
>>>> thinking it might be neat if more experienced WP developers from wp-hackers
>>>> volunteered to do code reviews of up-and-coming plugins (initiated by the
>>>> plugin developer; not just a random selection).
>>>> 
>>>> You could be the best software engineer in the world, but WordPress is a
>>>> separate beast. It's a huge system that's evolved over many years, and the
>>>> fact of the matter is that the more experienced developers need to pass on
>>>> the tribal knowledge they've acquired along the way. IMO, code reviews are a
>>>> good way to do that.
>>>> 
>>>> Thoughts?
>>>> 
>>>> Matt
>>>> _______________________________________________
>>>> wp-hackers mailing list
>>>> wp-hackers at lists.automattic.com
>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>> 
> 
> --
> Daniel Bachhuber
> www.danielbachhuber.com
> danielbachhuber at gmail.com
> cell: +1 971 998 5407
> aim/skype/twitter: danielbachhuber
> 
