[wp-hackers] Code reviews for plugins?

Lynne Pope lynne.pope at gmail.com
Mon Aug 23 14:34:04 UTC 2010

I think the first thing that needs to happen is for people to agree on what
they want a process like this to do. Paul & Christopher have really good
points and if the goal is to improve the quality of plugins then a review
should be (IMO) limited to looking at security & functionality. If people
get into arguments over camelcase, whether tabs or spaces should be used for
indenting, etc etc then little will be achieved except bitterness.

If, however, the intention is to review plugins with the goal of providing
some surety for end-users then this is a completely different process. This
thread shows people are thinking of both of these but I'm not so sure that
both can be achieved.

On 24 August 2010 01:07, Harry Metcalfe <harry at thedextrousweb.com> wrote:

> <snip>
> A code review where people just check each other's plugins and offer advice
> would be great -- but I think it's a different thing. By all means, let's do
> it. All we need is a mailing list and some willing developers.
> But I don't think anyone can make any claims about general quality as a
> result of having been through that process. Certainly no "This has been
> vetted by the community"-type-assurances on the plugin pages. Because such a
> process, while helping everyone learn, wouldn't really guarantee quality, or
> anything else.

This is potentially a minefield. Users don't give a damn about quality -
they just want to know a plugin works, does what it says it does, is secure,
and doesn't conflict with other plugins. It doesn't matter to users if the
plugin is poorly written.
The moment the words "assurances" or "certification" come in, someone takes
responsibility. THAT is absolutely the last thing the community should do.
No matter how good a vetting process is, guarantees cannot be given. For a
start, guarantees are specifically excluded from the GPL. NO WARRANTY.


> On 23/08/10 13:46, Christopher Ross wrote:
>> This isn't aimed at Harry, simply a reply to the thread in general.
>> Having a peer review, where a community could help create better plugins
>> is valuable. Having to jump through hoops and adhere to some of the
>> standards discussed in this thread would be a waste of my time. I contribute
>> dozens of free plugins to the community, they could all be improved (and
>> your feedback is welcome) but if I had to waste my time relocating files to
>> meet your standards, I'd spend far more time selling my services than
>> helping the community.
>> Just my 2 cents.
>> On 2010-08-23, at 5:46 AM, Harry Metcalfe wrote:
>>> On 23/08/10 04:49, Mark E wrote:
>>>> I'm seeing a big issue centered around delivering a false sense of
>>>> security to numerous millions of innocent people.
>>> I agree. I like the idea about having objective criteria, and if the
>>> results of reviews were phrased appropriately -- ie, accurately -- that
>>> would be a nice thing to have.
>>> But just to say "The community has reviewed this plugin and it looks A-OK
>>> to us" is a really bad idea. For a start, I'm not sure you can really do
>>> that in a generic way: to make that statement for any particular user, you'd
>>> need to know what other plugins they were running, and what their theme
>>> does. But ordinary, non-techie WP users will just interpret it as a badge
>>> of quality and may therefore be misled.
>>> But more importantly, just to say a plugin has been "reviewed" without
>>> knowing what the reviewer was looking for is meaningless. They could have
>>> been looking for fluffy bunnies. It essentially ends up being a review to
>>> look for the things the reviewer thinks are important. Which is perhaps
>>> slightly better than nothing, but not much.
>>> I think we should come up with a list of the top 25 mistakes people make
>>> in plugins, review to find those, perhaps also highlight whatever else looks
>>> problematic and tell the author, and then say to users "This plugin has
>>> passed a review which checks for some common WordPress plugin problems" or
>>> somesuch...
>>> Harry
>>> PS: if this plan means I never have to spend hours fixing all the notices
>>> in someone else's plugin, that would be nice.
>>> _______________________________________________
>>> wp-hackers mailing list
>>> wp-hackers at lists.automattic.com
>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>> __
>> Christopher Ross
>> Toronto      1 (416) 840-5828
>> Fredericton 1 (506) 474-2708
>> New Orleans 1 (504) 322 3485
>> http://christopherross.ca
>> http://www.thisismyurl.com
> --
> Harry Metcalfe
> Tel: 07790 559 876
> Web: http://thedextrousweb.com
> Twitter: @harrym, @dextrousweb
