[TYPO3-ect] Extension Rating System and Reviews Status
Elmar Hinz
elmar.DOT.hinz at team.MINUS.red.DOT.net
Wed Aug 2 12:35:00 CEST 2006
Hi Michael,
Michael Stucki wrote:
> I agree partly, but there are things to consider:
>
> - The security team (who is currently responsible for making security
> reviews) is by design working behind closed doors
>
What is so personal about security reviews that it must work behind closed
doors? If something is done behind closed doors without a reason it makes
me distrustful. Often it only covers up that little is done in practice.
> - They have also discussed a lot about this, results might be worth
> merging with your ideas.
>
> - Presenting this in a public list does not mean that they will
> automatically take notice of this!
>
Yeah, the better something is communicated the more official it becomes.
> Please write a short sum-up of your ideas and what you have reached so far,
> and send it to the security team (security at typo3.org) so that they will
> have the chance to get involved.
>
That is Patrick's part, who is our official coordinator of the Ratings and
Revisions.
>> For me this was one of the principles during the startup of ECT and we
>> have reached a lot with it.
>
> AKA the "Guerilla tactic"
No. I think "Guerilla tactic" is rather preparing something behind closed
doors and then unexpectedly confronting the public with a bomb.
>
> - Rolling out new features is very easy for most of the time
> - Keeping it running is far more difficult
> - Not keeping it running doesn't look very professional
New topic now ...
>
> For these reasons I highly prefer well-prepared operations, e.g. having
> availability contracts before launching new web sites, defining maintainers
> before publishing extensions, etc.
>
Work can only be done on this high professional level if someone pays money
for it.
> Of course that doesn't mean that Guerilla tactic is always bad. Especially
> in an Open Source project like TYPO3 I have often learned that the best
> strategy is to just act instead of talking too much. Still, these actions
> should be arranged with other officials like the T3A or the TYPO3.org
> webmaster team to make sure that no duplicate work is done.
In TYPO3 and probably other projects the named officials in most cases
don't answer or they answer in an inappropriate way. Currently I neither
reach the security team nor does anybody reach Rene Fritz for questioning
about global categories. What is so professional about officials behind
closed doors that don't communicate what they do and which are not
reachable for cooperation?
I really praise those who do what they do in public.
Regards
Elmar