[wp-hackers] Code reviews for plugins?
harry at thedextrousweb.com
Mon Aug 23 08:46:54 UTC 2010
On 23/08/10 04:49, Mark E wrote:
> I'm seeing a big issue centered around delivering a false sense of
> security to numerous millions of innocent people.
I agree. I like the idea about having objective criteria, and if the
results of reviews were phrased appropriately -- ie, accurately -- that
would be a nice thing to have.
But just to say "The community has reviewed this plugin and it looks
A-OK to us" is a really bad idea. For a start, I'm not sure you can
really do that in a generic way: to make that statement for any
particular user, you'd need to know what other plugins they were
running, and what their theme does. But ordinary, non-tecchie WP users
will just interpret it as a badge of quality and may therefore be misled.
But more importantly, just to say a plugin has been "reviewed" without
knowing what the reviewer was looking for is meaningless. They could
have been looking for fluffy bunnies. It essentially ends up being a
review to look for the things the reviewer thinks are important. Which
is perhaps slightly better than nothing, but not much.
I think we should come up with a list of the top 25 mistakes people make
in plugins, review to find those, perhaps also highlight whatever else
looks problematic and tell the author, and then say to users "This
plugin has passed a review which checks for some common WordPress plugin
problems" or somesuch...
PS: if this plan means I never have to spend hours fixing all the
notices in someone else's plugin, that would be nice.
More information about the wp-hackers