[wp-hackers] Code reviews for plugins?

Mike Schinkel mikeschinkel at newclarity.net
Mon Aug 23 04:01:39 UTC 2010

On Aug 22, 2010, at 11:28 PM, Eric Mann wrote:
> An objective list of criteria also makes it easier for new developers to
> start working on a plug-in.  My first attempt broke a lot of "rules"
> regarding database setup and access ... I'm ashamed to look back at how I
> allowed direct querying of the database via POST variables ... that's a huge
> security no-no.  I also never thought to clean up my options fields or extra
> database tables until someone actually complained about the extra "crap" I'd
> left all over their WordPress installation.  So a checklist that a)
> developers can build to and b) an objective 3rd party can verify would be
> hugely useful.

Exactly.  We need that to get that list of objective best practices.  Given that is seems StackExchange is a great way to surface good solutions I've added this question:

What are Objective Best Practices for Plugin Development?

Once we've got a good objective list we can then consider the next step; how do we get them reviewed?

On Aug 22, 2010, at 11:24 PM, Lynne Pope wrote:
> If enough people want to get involved and do this then it should, IMO, be
> encouraged. It's a huge task to undertake but with enough hands & eyes its
> not unachievable.

Many hands makes for light work. If we can get a system in place that encourages and rewards collaboration I think we can get the top 15% of plugins reviewed on an ongoing basis.  Maybe we could study StackExchange's reputation system and model something similar but that is optimized for supporting plugin reviews instead of just getting answers?

On Aug 22, 2010, at 11:49 PM, Mark E wrote:
> I'm seeing a big issue centered around delivering a false sense of security to numerous millions of innocent people.

The Centers for Disease Control in the USA gives people a sense of security but some people still catch diseases that kill them.  The answer isn't to get rid of the CDC, the answer is to constantly try to improve it and to let people know they also need to look out for themselves too; nothing is a panacea. Caveat Emptor! 


More information about the wp-hackers mailing list