Just curious, all these suggestions about reviewing code, yet no one has stepped up and attempted to do it on their own. I'm sure an admin site or some type of (dot) org could surely attempt it. I've seen the excuse that "blah blah blah ... they are there to share, that just how in the world are they supposed to vet the code, they couldn't possibly have the time, who's qualified, etc, etc, etc, etc..." I think I have figure it out though, everyone wants the responsibility to fall on XenForo. The same XenForo team most of you bash and moan about when the releases of their software aren't out fast enough.
Yet now, you want them to either review code submitted to them or apparently hire someone to do it so you all can feel the warm and fuzzy cause they are hosted here? And those that aren't what, they now can't be shown here because *gasp* Team XF hasn't went through the code? Give me a break. Seriously.
There is about 7+ pages of absolute nothingness here, with a few common sense replies sprinkled in. Those that replied with a bit of sense, thank you for showing others that they are perfectly capable of reading, and understanding the notice that states:
Resources listed here are not affiliated with and have not been reviewed by XenForo Ltd. If you have any questions regarding a resource, please contact the author. XenForo Ltd. is not involved in any resource-related transactions.
I'm not certain how that can be any more telling, any more informative. Read. They cannot hold your hands anymore.
If XF reviews the code, it passes their check, and *gasp, a security issue shows up... then what? Tell me, please. Are we supposed to sue XF now? I mean, they are some of the most talented developers I've seen, and if I recall, they have had to issue a security update themselves. So, they review, it passes, you get hacked from that add-on somewhere down the line, what exactly is the solution from that point? That's what I would really love to know.
In the end, aren't we all responsible for our OWN sites? Aren't we supposed to vet these addons, vet the code, read and review, trial on a test site, etc? I realize most don't, simply for time.. yet, again, that same time you want used here by the developers of this software. What's next, they have a CSS expert look over your site upon submission to see what can be fixed, what errors are there? This is about the most jacked up snowflake discussion I have read in quite some time.
Again, if someone has an answer to exactly what everyone with the torches and pitchforks will do if an add-on passes this newly created add-on vetting, and ends up being hacked or site blows up for whatever reason... what exactly the next step is.... happens to interest me. Class action lawsuit, what? Please inform.
Careful what you all wish for.