[TYPO3-dev] Review process nuisances

Christian Lerrahn (Cerebrum) christian.lerrahn at cerebrum.com.au
Thu Apr 19 06:53:47 CEST 2007


Hi Masi,
> > I really appreciate the introduction of the review process. As
> > somebody with a strong security background, I do see the need for
> > that, particularly because I realise how hard it sometimes is to
> > judge where TYPO3 will do the security checks for you and where it
> > doesn't.
> 
> To my knowledge the review process is dead. Too little resource to do
> new reviews of extensions and re-reviews of already reviewed
> extensions.

Hm, hadn't heard that before. Very sad. :( So why does the extension
manager's import function not default to 'all' now? This would be a
logical consequence of such a decision.

> > However, this whole idea can also be a great nuisance which actually
> > devalues the whole process again. Too often the reviewed versions
> > even of rather widespread extensions are immature while the major
> > bug fix releases have not been reviewed yet.
>
> Note that the reviews promised a "basic security check". That means
> the code is checked if it contains any security problems. It was
> never the intention to have any quality testing of these extensions.

That's not what I was talking about. All I'm saying is that it is no use
knowing that a version has been reviewed if it is just crap in any
other sense than basic security.

> > I had this issue a while ago with
> > templavoila where the reviewed version was still beta while the
> > stable version was not reviewed. Today I stumbled over such a
> > problem again. The version of newloginbox which is currently
> > available as "reviewed" does not have the storagePID TS override
> > for the "General Root Storage Pid". This means that the reviewed
> > version is unusable with TV. As I use it on a TV site, I therefore
> > have to introduce an unreviewed extension because otherwise this
> > bug will affect me.
> 
> To me this is a missing feature not a bug. Anyway the extension is
> usable if you store your users in the same folder as the TV records.
>
> I know this is a hassle, and to me the concept of the General Storage
> Pid is a failure.

I absolutely agree with this statement!

Cheers,
Christian



