[TYPO3-extrev] ext_rev and security team

[Elmar Hinz]

Hi Michael,

you are absolutily right, that extension review didn't work in the planned way.
But not only because of the amount of extensions. How many reviews have been
done at all? Very few. The concept itself didn't work. I think it is more a
question of motivation. Think of those long checklists.

You are also right that a working kind of extension review is still necessary.
So we need to as,k who is motivated to do reviews and what kind of. I collected
ideas. All have already been mentioned by others.

- the users of extensions
- computer magazines and article authors
- juries of awards
- the extension programmer
- companies that want to get certified or advertise by good extensions
- payed people

Additionally a lot of checks can be done by programmes like extdev extension shows.

I think we need to come to a model of filters:

Basic:

* Automated checks are made and states are set during each upload to TER.

Users in TER:

* Users can fill out little checklists.
* Most downloaded extensions are taken into account.

Security:

* Security team is taking up warnings.

Human reviews

* Based on this filters a dozend of extensions result that can be additionally
reviewed by humans and certified i.e. during the marketing award or ECT award.

* Companies could pay for a review of a published extension during certification
process for the company itself.

* Computer magazines can do reviews in cooperation with the rev team.

As result each extension can collect different medals/certificates. All of them
would be nice to by displayed in TER listings and to be sorted by them. An
overall quality ranking could be based on them.


Regards

Elmar