[wp-hackers] WordPress plugin inspections
madalin.ignisca at gmail.com
Wed Feb 19 23:02:25 UTC 2014
I agree with your idea with the reviews on dxw.com, but as Eric mentioned,
you need some certifications to become an authority and trusted in this.
If not, this will just cause just a dispute and fight on each side.
My personal opinion, I would not trust 100% your reviews as you "green"
some plugins I'd run away from and "red/yellow" a few that really need a
more relevant review, but you have some good points on a few "red" labeled.
Mentioning here on almost all your responses about this service doesn't
makes you money it's pointless, you should be proud that you want to
contribute to the WordPress community and stop complaining about money. If
you want only money, then I suggest you review more on "premium" stuff, as
WordPress.org has a team of members that do reviews and
approve/disapproving plugins and themes and in WordPress.org case we should
have a really nice chat about how we can improve this service so plugins
and themes that would not respect all standards we vote for should be
excluded until corrected as should.
On Thu, Feb 20, 2014 at 12:30 AM, Harry Metcalfe <harry at dxw.com> wrote:
> Hi Eric, Madalin,
> That seems reasonable. For the moment - since this is not a service that
> makes us any money at all - I think that it's probably not a practical
> option. But I will keep it in mind.
> You might perhaps draw some comfort from the advisories section. All of
> these specific vulnerabilities have been identified by the same testers
> that carry out inspections, have been responsibly disclosed and fixed by
> the relevant developers.
> On 19/02/2014 22:25, Eric Hendrix wrote:
>> Certifications. —
>> Eric A. Hendrix
>> hendronix at gmail.com
>> On Wed, Feb 19, 2014 at 5:22 PM, Harry Metcalfe <harry at dxw.com> wrote:
>> On 19/02/2014 22:15, Peter van der Does wrote:
>>>> snip snip
>>>> Does the end user really care how the code is written?
>>>> The grade depends on the expertise of the testers. What makes them
>>>> qualified to give this grade? Do they have a PHP certification, what's
>>>> their background?
>>>> The really key part of this criterion is:
>>>> The lack of good style must materially reduce the tester's ability to
>>>> understand what the code is doing, thereby indicating that the lack of
>>>> good style has reduced code readability and maintainability.
>>> This isn't about aesthetics - code that is written in such a way that it
>>> is very difficult to follow is also harder to maintain. It's more likely
>>> to contain bugs, some of which may be vulnerabilities. And it's much
>>> easier to make mistakes when editing it after you haven't looked at it
>>> for a while. It's also evidence that the developer may be inexperienced.
>>> These are all important factors. That said, I can't imagine that a
>>> plugin would fail an inspection on this criterion alone.
>>> The inspections are carried out by experienced developers. I can
>>> appreciate that that might not be clear at the moment. I'm not sure how
>>> we'd go about reassuring people on that front, though: what would you
>>> consider to be good evidence that we're knowledgeable?
>>> wp-hackers mailing list
>>> wp-hackers at lists.automattic.com
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
More information about the wp-hackers