[wp-hackers] WordPress plugin inspections

Harry Metcalfe harry at dxw.com
Thu Feb 20 08:55:52 UTC 2014

Hi Peter,

I share your view that certification is of limited value :)

However, I don't think I'm going to get into a debate on this one. I 
think it's pretty obvious that spaghetti code is more likely to be bad, 
and this is all that criterion means. So I think I'll leave it at that.


On 20/02/2014 00:56, Peter van der Does wrote:
> On Wed, 19 Feb 2014 22:22:38 +0000
> Harry Metcalfe <harry at dxw.com> wrote:
>> On 19/02/2014 22:15, Peter van der Does wrote:
>>> snip snip
>>> Does the end user really care how the code is written?
>>> The grade depends on the expertise of the testers. What makes them
>>> qualified to give this grade? Do they have a PHP certification,
>>> what's their background?
>> The really key part of this criterion is:
>>> The lack of good style must materially reduce the tester's ability
>>> to understand what the code is doing, thereby indicating that the
>>> lack of good style has reduced code readability and maintainability.
>> This isn't about aesthetics - code that is written in such a way that
>> it is very difficult to follow is also harder to maintain. It's more
>> likely to contain bugs, some of which may be vulnerabilities. And
>> it's much easier to make mistakes when editing it after you haven't
>> looked at it for a while. It's also evidence that the developer may
>> be inexperienced. These are all important factors. That said, I can't
>> imagine that a plugin would fail an inspection on this criterion
>> alone.
>> The inspections are carried out by experienced developers. I can
>> appreciate that that might not be clear at the moment. I'm not sure
>> how we'd go about reassuring people on that front, though: what would
>> you consider to be good evidence that we're knowledgeable?
>> Harry
> A few tings:
> "Harder to maintain", for the tester maybe, but for the developer it
> might make sense, but even if that is not the case, so what. If the
> plugin works as advertised, and is being compatible with the latest
> WordPress version, why would it be downgraded?
> "More likely to contain bugs". More likely? So now we are presuming
> that it contains bugs? The first lesson I was taught during my coding
> lessons "Don't assume anything!"
> "editing it after you haven't looked at it for a while" - Uhmm, I
> thought the rating was for end-users not the maintainer of the plugin,
> "I can't imagine that a plugin would fail an inspection on this
> criterion alone." Coding style is all very subjective to start with,
> you can't give a grade to subjectivity. Now if you said the coding
> style has to conform to WordPress, okay but still not a valid case to
> downgrade a plugin.
> What are your criteria for coding style, Cyclomatic complexity, Design
> Structure Quality Index, Halstead complexity measures? Does every
> tester follow the same criteria? Where can one find your criteria?
> "what would you consider to be good evidence that we're knowledgeable"
> Like people already stated: Certification is one, but I personally
> don't care if somebody is certified, I rather look at their
> track records, in other words, what have these testers written
> themselves.
> If Mark Jaquith, Nacin, Taylor Otwell or Fabien Potencier would tell me
> how to improve my code I would be more likely to listen then if is was
> some schmuck who hasn't written any significant PHP program with every
> PHP certification in the world :)

More information about the wp-hackers mailing list