[TYPO3-dev] Review process nuisances

[Martin Kutschker]

Christian Lerrahn (Cerebrum) schrieb:
> Hi,
> I really appreciate the introduction of the review process. As somebody
> with a strong security background, I do see the need for that,
> particularly because I realise how hard it sometimes is to judge where
> TYPO3 will do the security checks for you and where it doesn't.

To my knowledge the review process is dead. Too little resource to do new 
reviews of extensions and re-reviews of already reviewed extensions.

> However, this whole idea can also be a great nuisance which actually
> devalues the whole process again. Too often the reviewed versions even
> of rather widespread extensions are immature while the major bug fix
> releases have not been reviewed, yet. 

Note that the reviews promised a "basic security check". That means the 
code is checked if it contains any security problems. It was never the 
intention to have any quality testing of these extensions.

I had this issue a while ago with
> templavoila where the reviewed version was still beta while the stable
> version was not reviewed. Today I stumbled over such a problem again.
> The version of newloginbox which is currently available as "reviewed"
> does not have the storagePID TS override for the "General Root Storage
> Pid". This means that the reviewed version is unusable with TV. As I
> use it on a TV site, I therefore have to introduce an unreviewed
> extension because otherwise this bug will affect me.

To me this is a missing feature not a bug. Anyway the extension is usable 
if you store your users in the same folder as the TV records.

I know this is a hassle, and to me the concept of the General Storage Pid 
is a failure.

Masi