[wp-hackers] Code reviews for plugins?

Eric Mann eric at eamann.com
Mon Aug 23 14:39:01 UTC 2010

I think the two things we're proposing here are:

1) To create a checklist of best practices for plug-in development that
developers can use as a guiding tool while building their plug-ins.  This
checklist would be publicly available and would give end users an idea of the
kind of care and oversight that goes into development - it would not be a
"guarantee" that the plug-in is quality work or excellent code, just that the
plug-in does certain things that it would be expected to do.

2) That we organize the community around looking at and verifying that plug-ins
claiming to meet certain standards actually meet certain standards.  I'm sure
we've all seen plug-ins and themes claiming compatibility with WordPress 2.X.X
only to find out that the developer accidentally used some function that wasn't
actually compatible ... Having people around to look at and verify that, yes,
the developer did his or her due diligence and the plug-in really does meet those
criteria is valuable.  It gives the developer an extra level of
community-generated credibility.

No one's suggesting that we relocate files or rewrite code.  But just like
certain things are required for WordPress plug-ins (you must have a readme.txt
file with certain sections, you must include an information header in your core
PHP file, etc), we're putting together a list of certain things that are
recommended and strongly encouraged for WordPress plug-ins.

On August 23, 2010 at 12:46 PM Christopher Ross <cross at thisismyurl.com> wrote:

> This isn't aimed at Harry, simply a reply to the thread in general.
>
> Having a peer review, where a community could help create better plugins is
> valuable. Having to jump through hoops and adhere to some of the standards
> discussed in this thread would be a waste of my time. I contribute dozens of
> free plugins to the community, they could all be improved (and your feedback
> is welcome) but if I had to waste my time relocating files to meet your
> standards, I'd spend far more time selling my services than helping the
> community.
>
> Just my 2 cents.
>
> On 2010-08-23, at 5:46 AM, Harry Metcalfe wrote:
> > On 23/08/10 04:49, Mark E wrote:
> > > I'm seeing a big issue centered around delivering a false sense of
> > > security to numerous millions of innocent people.
> >
> > I agree. I like the idea about having objective criteria, and if the results
> > of reviews were phrased appropriately -- ie, accurately -- that would be a
> > nice thing to have.
> >
> > But just to say "The community has reviewed this plugin and it looks A-OK to
> > us" is a really bad idea. For a start, I'm not sure you can really do that
> > in a generic way: to make that statement for any particular user, you'd need
> > to know what other plugins they were running, and what their theme does. But
> > ordinary, non-techie WP users will just interpret it as a badge of quality
> > and may therefore be misled.
> >
> > But more importantly, just to say a plugin has been "reviewed" without
> > knowing what the reviewer was looking for is meaningless. They could have
> > been looking for fluffy bunnies. It essentially ends up being a review to
> > look for the things the reviewer thinks are important. Which is perhaps
> > slightly better than nothing, but not much.
> >
> > I think we should come up with a list of the top 25 mistakes people make in
> > plugins, review to find those, perhaps also highlight whatever else looks
> > problematic and tell the author, and then say to users "This plugin has
> > passed a review which checks for some common WordPress plugin problems" or
> > somesuch...
> >
> > Harry
> >
> > PS: if this plan means I never have to spend hours fixing all the notices in
> > someone else's plugin, that would be nice.
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> __
> Christopher Ross
> Toronto      1 (416) 840-5828
> Fredericton 1 (506) 474-2708
> New Orleans 1 (504) 322 3485
> http://christopherross.ca
> http://www.thisismyurl.com
