[wp-hackers] Reviews for Plugins

Eric Mann eric at eam.me
Tue Nov 1 23:08:49 UTC 2011

> WP.org backing isn't your problem. Identity confirmation and
> authentication is.
> See, if you don't have solid authentication to ensure one vote per
> user, then you're going to run into gaming of the system. Guaranteed.
> Heck, I've had to deal with it on .org before, for the star ratings.

What I'd like to see is an OAuth system integrated with WP.org.  Then, I
could authenticate against WP.org from within my self-hosted site, and use
those credentials to rate plugins.

OAuth is secure, and (to alleviate Helen's concerns) it wouldn't require
sending my email off to some third party site.  I already have a WP.org
username and password, and I'm just using those credentials to log in and
submit information.  If people don't want to connect, they don't need to.
 They'll just only be able to *see* ratings rather than add their own input.

I'd be pushing for WP.org backing primarily for these reasons:

   - We'd have *one* identify confirmation/authentication system
   - We'd have a single API for getting/updating/etc-ing rating and plugin

WP.org backing isn't the end-all be-all of a system like this, but it would
make for a much smoother, more integrated system overall.

More information about the wp-hackers mailing list