[TYPO3-ect] Extension Rating System and Reviews Status
Jan-Hendrik Heuing
jan-hendrik.heuing at digitaldistrict.de
Sun Jul 23 12:32:06 CEST 2006
> > I don't see t3a paying for that, I'd only see them making sure that
> > reviewers are choosen carefully.
> Security reviews should be a central interest of the association. If
they
> pay the reviews that would be the most neutral source of the money,
that I
> currently imagine. For me your proposal would be plan B.
Fair enough. I just thought that available budget of the association
should go into development as much as possible.
> Could the association raise the money for reviews? How much money
would be
> needed?
Not talking about how much costs an hour or something. I do not want to
start a discussion wether the association is paying good rates to their
developers or not, and I don't know what pricerange they have anyway :-)
I am not quite sure if they could raise additional money unless they get
paid for individual reviews, which sounds alright to me.
> What costs do you estimate per security review?
You do not have to look at the code, but you also have to communicate
with the developer, go through iterations etc., so you spend a lot time
on things around the review itself. With the experience from metadev,
I'd say a technological review could take a few hours depending on
complexity. Including all sorts of other work which needs to be done
including communication with the developer, you could end up with a day
or two. To be save, if it comes to payment, I would probably go for
fixing a rate for 2 days. This way developers are motivated to get
things done properly in their reviews.
> What costs do you estimate per update review? Based on the diffs.
Based on diffs and the review, I would estimate a workload around 2
hours. Of course if it's getting major changes, you might end up doing a
new review instead.
> How many extensions would be ready to be reviewed?
>
> 70% of them are experimental or alpha ...
> The amount of stable extensions is very limited.
> How about beta?
If it comes to payment, I guess it would be fair enough if extension
authors would request those reviews, as they might have to pay the
association for it. You could even get the association paying parts of
the review to sponsor it partly. And finally it could be companies who
are interested in getting someone elses extensions reviewed before they
use it in client projects, so they have interest in it and pay the fee.
Overall I guess it depends on if it has to be paid for or not. In a
paid-mode, you might get something between 20 and 50.
JH
More information about the TYPO3-team-extension-coordination
mailing list