[wp-hackers] Code reviews for plugins?
heiko.rabe at code-styling.de
Thu Aug 19 21:12:44 UTC 2010
It would be a good idea to check plugins, no doubt. But if you introduce
such a rating of flagging system which additionally can be filtered on, you
would imply, that all not yet reviewed plugins are crap. You would give
advantage to the already reviewed plugins and it stucks until the review has
taken place and reached a particular plugin.
During this time delay a well done plugin will be presented to audience as a
"bad" one, which is wrong but felt so by audience for psychological reasons.
Keep in mind, that this affects also the download and utilization rates of
Second concern: I would approximate the number of code lines over all
plugins at least 10851 plugins multiplied an average of 2000 lines = approx.
20 million lines of code at least! I think, it's a huge bunch of work to
read through the code, understand it, looking for security holes, XSS attach
So the time this will take is extra ordinary and I'm afraid, that some
things are not possible to understand inside some plugins without deeper
knowledge of what they are made for.
Dont get me wrong, I vote for this review cycle. But also dont miss this
points thinking about it.
Von: wp-hackers-bounces at lists.automattic.com
[mailto:wp-hackers-bounces at lists.automattic.com] Im Auftrag von Paul
Gesendet: Donnerstag, 19. August 2010 22:32
An: wp-hackers at lists.automattic.com
Betreff: Re: [wp-hackers] Code reviews for plugins?
+1 on this.
On Aug 19, 2010, at 4:08 PM, Daniel Bachhuber wrote:
> I think it's a great idea as well. My coding has benefited tremendously
from the generosity of others, and I'd love to start being able to give
> On 19 Aug 2010, at 4:01 PM, Eric Mann wrote:
>> I, for one, would love to participate in a peer review process.
>> I recommended last year that someone* put together a group of developers
>> review plug-ins. I was hoping we could flag "reviewed" plug-ins in the
>> repository to give them a bit of extra work - like verifying that a new
>> really does worth with the version of WordPress it claims to. If we
>> flag such plug-ins, it would give the quality ones more weight and allow
>> quick filter or search.
>> In any case, +1 on the idea. And seriously, keep us apprised regarding
>> of wpcodereview.com collaboration.
>> On August 19, 2010 at 7:44 PM Mike Schinkel <mikeschinkel at newclarity.net>
>>> I had the same idea recently and registered http://wpcodereview.com for
>>> purpose. Want to collaborate?
>>> Another option might be to see if we could somehow use the voting
>>> that works so well to surface reviews of plugins on WordPress
>>> Whatever the case, +1 on the concern and the desire to do something
>>>  http://wordpress.stackexchange.com/
>>> On Aug 19, 2010, at 3:39 PM, Matt Jacob wrote:
>>>> Fact: the quality of plugins in the repository is generally pretty low.
>>>> Obviously, there are exceptions, and those exceptions rise to the top
>>>> become more popular. But for the 10,000-some plugins listed, I bet that
>>>> fewer than 100 of those would be considered best practices in plugin
>>>> development. Unfortunately, most---not all---plugin developers probably
>>>> don't even give a crap.
>>>> For those developers who *do* give a crap (or several craps), and who
>>>> want to publish high-quality plugins, what resources are available? I
>>>> thinking it might be neat if more experienced WP developers from
>>>> volunteered to do code reviews of up-and-coming plugins (initiated by
>>>> plugin developer; not just a random selection).
>>>> You could be the best software engineer in the world, but WordPress is
>>>> separate beast. It's a huge system that's evolved over many years, and
>>>> fact of the matter is that the more experience developers need to pass
>>>> the tribal knowledge they've acquired along the way. IMO, code reviews
>>>> good way to do that.
>>>> wp-hackers mailing list
>>>> wp-hackers at lists.automattic.com
>>> wp-hackers mailing list
>>> wp-hackers at lists.automattic.com
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
> Daniel Bachhuber
> danielbachhuber at gmail.com
> cell: +1 971 998 5407
> aim/skype/twitter: danielbachhuber
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
wp-hackers mailing list
wp-hackers at lists.automattic.com
More information about the wp-hackers