[TYPO3-dev] Review process nuisances
Christian Lerrahn (Cerebrum)
christian.lerrahn at cerebrum.com.au
Thu Apr 19 06:53:47 CEST 2007
Hi Masi,
> > I really appreciate the introduction of the review process. As
> > somebody with a strong security background, I do see the need for
> > that, particularly because I realise how hard it sometimes is to
> > judge where TYPO3 will do the security checks for you and where it
> > doesn't.
>
> To my knowledge the review process is dead. Too little resource to do
> new reviews of extensions and re-reviews of already reviewed
> extensions.
Hm, hadn't heard that before. Very sad. :( So why does the extension
manager's import function not default to 'all', now. This would be a
logical consequence of such a decision.
> > However, this whole idea can also be a great nuisance which actually
> > devalues the whole process again. Too often the reviewed versions
> > even of rather widespread extensions are immature while the major
> > bug fix releases have not been reviewed, yet.
>
> Note that the reviews promised a "basic security check". That means
> the code is checked if it contains any security problems. It was
> never the intention to have any quality testing of these extensions.
That's not what I was talking about. All I'm saying that it is no use
knowing that a version has been reviewed if it is just crap in any
other sense than basic security.
> I had this issue a while ago with
> > templavoila where the reviewed version was still beta while the
> > stable version was not reviewed. Today I stumbled over such a
> > problem again. The version of newloginbox which is currently
> > available as "reviewed" does not have the storagePID TS override
> > for the "General Root Storage Pid". This means that the reviewed
> > version is unusable with TV. As I use it on a TV site, I therefore
> > have to introduce an unreviewed extension because otherwise this
> > bug will affect me.
>
> To me this is a missing feature not a bug. Anyway the extension is
> usable if you store your users in the same folder as the TV records.
>
> I know this is a hassle, and to me the concept of the General Storage
> Pid is a failure.
I absolutely agree with this statement!
Cheers,
Christian
More information about the TYPO3-dev
mailing list