[Typo3-dev] Extension reviewing process (request for discussion)

[Robert Lemke]

Hey folks,

I wrote:
>  - I am just creating a process description for quick reviews which will
>    be published at some point. This makes it possible to quickly separate
>    the wheat from the chaff.

well, this evening I started writing some QuickReview Guidelines after I did
a complete review of the upcoming projectmanager extension. 

While I shrinked the original guidelines into one and a half pages, I
realized that quick reviews cannot ignore important things like checking
for XSS or other security related issues. But on the other hand it must be
quick, you cannot spend 4 hours on a quick review and contact the author
several times during several days.

Now, I see two options which I would like to discuss with you:

--[ One-pass quick review ]--

We just create a smaller set of criteria and recrute more reviewers.
Contrary to the detailed review, the author will only be informed but not
involved in the review process. Instead of scanning the whole source code
for security leaks and violations of the coding guidelines, the reviewer
will just use his general impression to form an opinion about the
extension's quality. He will not write a detailed statement why he decided
on a certain rating.

--[ Two-pass almost quick review ]--

Instead of reducing the quality of the review, we spread the work on more
shoulders. The scanning team will scan the extension for formal issues like
missing documentation, documentation layout, coding guidelines (JavaDoc,
single quotes etc). and then pass it over to a reviewer. The reviewer will
look for more complicated things like TYPO3 API usage, security issues etc.

Maybe you guess already what model I would prefer, but I'd really like to
hear some comments about it.

-- 
robert