(2019-06-21, 10:59 AM) Wildcard Wrote:
(2019-06-21, 02:13 AM) Serpius Wrote: To tell us, admins, that in order to check someone else's coding/programming you must be a coder/programmer in order to verify the software is an insult[...]
Can you explain how telling someone the truth is an insult?
If I told you that in order to run a business, you'd either need to know how to balance the books or you'd have to hire someone that does, would that be an insult?
If I told you that if you want to travel by plane, you'd either need to own a plane, or buy a ticket, would that be an insult?
I think you are being overly sensitive. I am simply stating the truth. As frost said, even if you are a coder, there is no guarantee that you will catch everything. The best you can hope for is that keeping your ear to the ground and patching known vulns quickly is enough to avoid an issue.
Try to think about this rationally rather than allowing your emotions to play into it.
If I am buying a plane ticket, I am putting my faith into the airline who is selling it that their planes are safe to fly and their pilots are competent to fly an airplane. I do not need to do anything else but pay for the ticket because it is assumed that all other things have been inspected and verified.
If I was running a business and needed a licensed accountant (which I do... by the way), I have several sources to verify the accounting firm through the government and/or agencies such as the Better Business Bureau (for USA businesses).
I cannot do the same thing for someone who is a coder/programmer who advertises their business over the internet.
There are no means, at least that I am aware of, to verify someone with those credentials.
You say that I can do this locally, sure, but again... how do I verify that person?
With all of the fake/false information out there, how can one trust someone who claims to have certain credentials?
Take you, @Wildcard, I can reasonably trust you with your plugins. Why?
You have a good track record and people are still coming to you for your plugins.
If you were one of those "fly by night" people, then no one could place their trust in you.
Also, if there was a vulnerability in one or more of your plugins, you immediately fix them.
Why do you do it so quickly?
Because you do not want to see your plugin be responsible for someone's website being hacked into because of a security issue that was found in your plugins. (This is exactly why I brought up this part of the thread in the 1st place.)
Other plugin authors are not quite that good or quick dealing with those kinds of issues.
However, I cannot say the same for someone who put together a plugin that seems to work OK, but did this as a "one time adventure" and was never seen again, while people continue to use that said plugin for quite some time. How can someone like me verify that this 'one-time adventure' plugin is safe to use given the current situation on the internet with all of these exploits going around?