Review resources before approving them (XF Community)

Status
Not open for further replies.
Some middle ground would be scanning files to see if they use direct DB queries over finders for starters. I'm sure there's some easy regex to do that... but, it'd require the developer to upload the zip here and if it's questionable, put in moderation.

Then, make developers list that zip hash along with the hash on their site to see if it's been "scanned" and somewhat given stamp of approval (with XF still taking on no liability).

But some automated checks and balances put in place on XF like that might cut down on crud addons being added to the resource manager.
 
I'm willing to throw money at this idea, but it relies heavily on like-minded people to do the same - including developers. This may be pushing **** uphill but how about we (the customers) take some responsibility and not leave all the crap for Xenforo to deal with.

How about we set up a website - not affiliated with Xenforo - which is community funded. This site can allow Xenforo developers to sign up and hold an account. Every developer account can have "trust" level. The level of trust can depend on how many people audited their addon(s) code and rated the trustworthiness of the code. This is not to be confused with a review and general functionality of the addon, nor the professionalism level of the developer.

At first, we will allow the developers who have already made a name for themselves to hold an account with a "trust" badge. This gives us something to build off and saves money. - The directory starts to come to life. These developers can include a "badge of honour" in their addons. So, posting an addon to Xenforo's resources will allow them to include a little badge to "Xenforo-Audited-Code-Community-But-A-Better-Name.com" and that will show who audited their code, when it was last audited, and a trust rating.

New developers who are unknown can submit their addons to the site to allow them to be audited. As soon as their addon gets audited by a trusted developer ( a hired developer - at least at first ), it automatically gives that developer a "trusted" level (maybe 8/10 pending further auditing).
The money to pay for this is generated by donations ( I am happy to pump a few hundred into it at first ).

After a while, the badge of honour will have actual worth to it - as it means money has been exchanged for auditing services which the developer didn't pay for. As soon as people see the worth of the badge, it will be in the interest of any and all addon creators to be able to display this badge - which means having an account with a "trusted" level.

After a while it can be made that to hold an account on this service you must pay - say - $200 per year. Alternatively, you can pay for your account by auditing other developers code for X amount of hours. So the site can have donations + membership money funding it.

EDIT: I should probably add that not every single addon for each developer needs to be audited. Once a developer establishes themselves as trusted it should be assumed all of their addons share the same qualities. Breaking the trust results in a lifetime ban and their name on a shame list.

Just a thought.
 
Last edited:
Who would you consider to be in that group now?

Keep in mind, this is for quality of code only - not support / quality of addons / features / personality of developer etc. ONLY trust of code.

Personally from past experience -
@Aayush
@Snog (retired)
@DragonByte Tech
@ChrisD
@xfrocks
@AndyB

Opinion of generally accepted trusted developers
@ThemeHouse
@ChrisD
@Snog
@xfrocks
@AndyB
@Jaxel

Again, I stress, this has nothing to do with how well a developer supports their addons, how feature-rich their addons are, if the developer is a **** or not, where their mother was born or if they like or dislike Trump. This is purely for security and compliance.
 
Keep in mind, this is for quality of code only - not support / quality of addons / features / personality of developer etc. ONLY trust of code.


@AndyB

Opinion of generally accepted trusted developers

@AndyB
[ This is purely for security and compliance.

Wait... Wasn't AndyB's add-ons found to have either a security issue, or bad coding practices... And all had to be updated or deleted? Trying to remember, but don't spend nearly as much time as I used to on here.

How does he get the "Quality of Code" badge on the first go around.

This is the entire issue with this request of code vetting.

I've still not seen any answer in almost 2 years to the question I had before....
What happens when one of these "vetted" add-ons get through and a forum gets hacked, exposed, blown up, etc.. What then? Who ultimately ends up with the responsibility?

I'll take a stab, the site owner.
 
Status
Not open for further replies.
Back
Top Bottom