Review resources before approving them (XF Community)

Status
Not open for further replies.

Dadparvar

Well-known member
  • The goal of this thread is to hear possibility status (from staffs) and interests and feedbacks (from anyone)
  • Wherever examples provided, the only goal is clarification and not the advertisement.

As I understood, although there are lots of new things in XF2 so far, its' main focus is on improving the core and increasing the quality until 2.x. (So far so good. And Thanks for your hard work)

But why not taking more care about the Resource Manager? I mean:
  • Setting strict and tough rules for submitting resources here.
  • Review the resources (and updates) before approving them here.
  • Taking more care of Ratings and Reviews.
Let me add some more sentences at the end:
  • YES, I wish to see these tough rules even if ALL my add-ons be removed from RM.
A very nice example:
  • When you add a resource to Moodle's repository, (first the system, and then) some people review it to see if it has must have standards of the framework or not.
  • Robots and those people will communicate with you until you fully respect the standards. Then the resource will be approved.
  • There is an awesome Bug Tracking system there.
  • (making dedicated forums for each add-on is an awesome feature too. But cause it's a big request, I'm not going deep into this one and providing real examples at this time)
But, WHY?
  • Some people are adding tons of add-ons that only run a simple query (and sometimes raw query is used)
  • They appear on top because they submitted tons of resources
  • They get tons of reviews (I'm not going to say how)
  • You don't see the complaints in associated threads or reviews (I'm not going to say why)
  • On the other side:
    • There are some great developers that hardly can be seen in the list (cause they have less than 20 resources at all)
    • Their add-ons are in a way that some big sites are not moving to new frameworks just because of their add-ons (And I heard it myself)
    • You can see injustice reviews and complaints on their add-ons and their associated threads.
    • When they update, it really means hundreds of lines of codes are changed and/or added. But you can't see their update on top of the list because someone from another side suddenly updates +50 add-ons with the same 1 line patch!
    • The result: great developers say goodbye to XF and "1 line query runners" are being added always
 
I would really like to see at least some minimum standards on what can be advertised on xenforo.com as an addon. Currently there doesn't seem to be any minimum standard and it has disastrous results for both developers and customers.

I think that the XF team is missing out on a great opportunity. XenForo 2 is not out yet and the first addons have been released. It would be a monumental task to review all existing XF1 addons. But for new addons, especially XF2 addons there was/is a chance to start from 0.

Once a developer gets their first addon rejected because of bad code practises, then that would stem or even stop the flow of low quality addons by that developer. It would be clear that its not worth the effort unless the developer would have to up his game. The audit would not just affect the addons reviewed, but would also cause developers to adjust their practises.

XenForo has in my view a major quality problem with addons. In terms of coding practises its a jungle. The Resource area is full of problematic addons that should never be run on a medium to large board and IMHO should never have been allowed to be posted on xenforo.com For xenforo 2 I was hoping that it would be different, but unfortunately it is not.

Not only does this hurt webmasters but it also reflects badly on developers who take pride in their work and deliver good quality and follow standards. A few rotten apples spoils the bunch.

I have lost upward of $5,000 on bought addons that don't work and custom development because well known developers were not able to produce working code if they delivered at all. Some addons needed to be coded tree times over by different devs because the first 2 couldn't deliver. IMO this is really insane. I know I am far from the only admin who lost a lot on this. To many addons I bought, sponsored features for without a usable result.

I do hope that the xenforo team can find ways to increase the standards and quality of the XF addon scene. IMO they should, because they hold themselves to high standards when it comes to coding. The XF Addon community should have better safeguards.

The Woltlab team checks all addons in their resources section. I don't see why XF cannot do the same. The benefit of this would be really significant. It would save admin from using such problematic addons and would have a positive impact on xenforo as a reliable platform. Woltlab doesn't charge for it because it really doesn't cost them much time to do.

Mind that a good developer doesn't need to read a lot of code to recognize bad coding practises, spaghetti, sloppiness and hacks or that the developer doesn't know what he is doing. There is no need for full audits or any kind of quality guarantee. Just introduce a minimum standard of what is acceptable. The whole XenForo community will benefit.

On a related note:
HWS said:
If you happen to be an admin of a large XenForo board it is your responsibility to check each and every add-on you install yourself (or have a coder check it) and do a load test with it. This is what we do. In former days we even posted the result of our tests on the resource pages at Xenforo.com but that was not well received very often. So we stopped doing this.
https://theadminzone.com/threads/xenforo-3rd-party-resources.145863/page-2#post-1105542
 
Some addons needed to be coded tree times over by different devs because the first 2 couldn't deliver. IMO this is really insane.

Same here! We switched very early from vB to XF 1.1. We've used a lot of AddOns and worked with a lot of developers and drama queens. My software got bloated and today, almost 4 years later we're still trying to recover from the messy, inefficient and bugy code by switching to custom AddOns by 2-3 developers.

With XF2 i won't make this mistake again. As long as there isn't something like a qualitycheck for addons i won't using it. I have to wait the good developers i really trust have time to create my addons, even though there is a similar addon in the resource manager. And i don't care if that takes a couple of years, it's much more important to have a stable software than to have a feature rich titanic.
 
I think one small step would be to simplify make developers submit to the correct category. One developer keeps releasing add-ons that are nothing more than template modifications, yet they are released under add-ons.
 
I think one small step would be to simplify make developers submit to the correct category. One developer keeps releasing add-ons that are nothing more than template modifications, yet they are released under add-ons.
Probably to get more people to use his stuff.
 
Asking for a quality review is a Fair request. But it's not easy to implement. If I was a Developer of xenforo, I wouldn't be able to do it. Code review is a complex task. Who is to determine what parameters I am to check. If I determine myself, and keep the parameters very basic, what happens when an addon passes those basic quality checks but has a deep security hole? Then am I too accountable for any hacking which might happen exploiting a security flaw in an addon which was passed by me?

Alternatively, addon Bug tracker, which has been already suggested above is a much better idea. If every addon's listing at the top mentions how many submitted Bugs there are, new would be installers can quantitatively judge an addon. The plugin author could change the Bug status and the submitter has to confirm, or it gets auto approved after say X days. This kind of a Bug tracking system can be scalable. But here too there is the initial investment of effort necessary on the part of the XenForo team. I can understand they wouldn't have that time right now. But I will put my vote behind saying that they should do this, as it would be net positive in the long run for XenForo.
 
I don't think there needs to be any accountability nor a full check. Currently anything goes. There is no need for any bullet proof review because as it stands any form of review will be an improvement.

I am sure that you have seen plenty of addons where you only needed to look briefly to see that it was a complete mess. Similarly: I remember when I commissioned an addon to add functionality to a large addon I was using. My developer quickly emailed me back to ask me if I had sent him an alpha version or not.
If such addons can be deferred with a request to the developer to submit an improved version, then that helps.

It has taken me 3 years to get all the addon functionality I needed to migrate from vbulletin. 3 years...
Code quality has been a major cause of loss of money, time and effort. There have been many times when I considered to give up on xenforo. I know other big board owners who have done so. It would be of value for xenforo to improve this and introduce at least some minimum code quality threshold.
 
Last edited:
  • Some people are adding tons of add-ons that only run a simple query (and sometimes raw query is used)
  • They appear on top because they submitted tons of resources
  • They get tons of reviews (I'm not going to say how)
  • You don't see the complaints in associated threads or reviews (I'm not going to say why)
There's a problem right there.

  • Why should an addon have to be any more complex than being a simple query or a single template modification or whatever? If it's useful for people who don't have that tech ability at all, then it's a useful addon provided the end result is useful.
  • Appearing on top due to submitting tons of resources is not relevant, that would be a different suggestion I think.
  • Reviews are not a perfect system, but I find it useful to see when people have found an addon to be useful. Reviews often also tell you how responsive the author is to support issues and suggestions.
  • If you don't see complaints, then that is surely a good thing. I don't understand the cryptic "I'm not going to say why" I think you should if you want to have a meaningful discussion.
Having said that, I do agree it would be good to have some kind of quality control if that is at all possible.
 
For paid add-ons, this would require them to be hosted on this site as well, which just isn’t feasible or possible for many.

It works with the App Store or something where files are submitted to the site and bought through the service but that’s not really the case here.

I agree with setting standards, however, and some cases (regarding callbacks especially) do seem to be enforced.
 
I would appreciate strict rules for third-party developers that limit what can be added to the resources and a bug tracker in the Resource Manager that is as visible as the ratings. And from what I have experienced and seen in my time here, there will be developers that do not have to fear anything from it and there will be "resource providers" that will be cut off. And that's absolutely correct.

Something other platforms for forums/shops/cms etc provide is a signet/label for "approved/premium/good" development given by the core team. That is a clear indicator which add-ons are recommended and fit in perfectly and which do not make the cut. Developers could apply and send in their add-ons for a check if they match a minimum of requirements for being able to be send in and then the add-on is checked for clear code, minimum of bugs and good reviews. Then it receives the label "XF Approved" for example. All add-ons without that label would be "use at your own risk". That would put more pressure on the developers and less on the XF team.
 
Last edited:
Let's just remember one developer here who was well respected, well liked, had hundreds of add-ons and was making good money....Some of us were suspicious of his work, others were fanboys end of. Was all going great, until finally he got caught and was banned and all resources pulled.
His add-ons were littered with callbacks and what was he gathering? People's information from sites. ACP credentials. Data.. metadata. and lots of it.
Oh not to mention the P word.
All of this was right under the noses of the owners and staff of XF.
Would auditing and QC have helped? (spot checks)
What do you think?

However, time and money is as ever, the problem. How can XF justify spending man hours and money on checking other people's coding for naughtiness? Beneficial to them yes, but I think it would take bit more of a team effort; say for example where we have somewhere where we could send some info to them and say - "this isn't quite right, are you able to check the QC and files for anything troublesome". Then that raises a problem of witch hunting.
But either way, there's a lot of add-ons piled on which are sometimes just not really something you'd expect to run on a working site.
I agree personally that something should be and needs to be done, but what is the question.
We can't expect XF to take on the mammoth task of going through the add-ons for XF2 obviously, but there should indeed be something.
 
This method of reviewing code doesn't scale for an organization like XenForo where the possibilities to extend the framework is endless and the resources are limited.
For people arguing that Apple does it and so should XenForo fail to realize that Apple has a huge staff. They have multiple teams to review the apps and even Apple has had slip ups in the past.

Ultimately the addons are coded to help forum admin to extend their forum's functionality in a certain way. Shouldn't matter if it takes a line or 1000 lines of code. What looks junk to you might be somebody else gold! :)

For our own resources, we do continuous deployment and we don't even update the resource here often. But when we do post an update here, the visibility and conversions are sub par. I agree that having a crowded resource section diminishes the visibility of good addons but this doesn't mean that XF team is responsible for that.

Reviews certainly help weed out the poor quality addons from the good one but you can't expect the XF team to seize through addons and updates.
It would definitely make sense for XF to review each addon, if they were selling their product to your audience and also took a 30% cut from your revenue ;)

For my business, I spend top dollar for the top performer. I know that a top performer might charge more but he would prevent any headaches in the future. My advise would be to not hire the cheapest developer available. Top performers know what they are doing and they are worth every penny.
Or maybe you could hire a security code audit firm. You could go on a field trip installing addons and then they can take care of the loop holes.
 
Status
Not open for further replies.
Top Bottom