Hi,
Does anybody know what is the "Plugin Validation" process exactly?
Is it just searching files for malicious codes or also a FBI clearance?! Because sometimes it takes so long to be done.
Its whenever Staff who are responsible for it have time. Since AJS is gone its been slower because he was the primary one doing it. Also, there is a major re-write of the Mods site in progress, so please have patience.
Thank you for that good news. MyBB really deserves a better Mods site.
But seriously, what's the Validation? I'm so curious about that. Do those staffs install each plugin and check the compatibility and performance (i.e. errors during activation) or it's just limited to security issues?
I tend to approve pending plugins when I have time. Patience is key though; We all work for free, and we have busy lives.
(2011-03-19, 03:23 AM)SaeedGh Wrote: [ -> ]But seriously, what's the Validation?
I honestly don't know
I don't validate (I have access to it, but I don't have the time so I didn't read the guidelines), and I'm not sure if thats supposed to be public knowledge. Obviously we're going to look for security issues, but aside from that I don't know what they do. Sorry.
(2011-03-19, 03:26 AM)Spencer Wrote: [ -> ]I tend to approve pending plugins when I have time. Patience is key though; We all work for free, and we have busy lives.
I see. I work for free too and greatly appreciate you for spending your time this way. But the matter is that during validation of a new version, the old version is not reachable too. Is this really necessary to totally block everything during validation? If we let users download the old (current) version it would be much easier to be patient!
(2011-03-19, 03:31 AM)Dylan M. Wrote: [ -> ] (2011-03-19, 03:23 AM)SaeedGh Wrote: [ -> ]But seriously, what's the Validation?
I honestly don't know
I don't validate (I have access to it, but I don't have the time so I didn't read the guidelines), and I'm not sure if thats supposed to be public knowledge. Obviously we're going to look for security issues, but aside from that I don't know what they do. Sorry.
Thank you so much. It's good enough to know there is a written guideline for that.
(2011-03-19, 03:23 AM)SaeedGh Wrote: [ -> ]But seriously, what's the Validation? I'm so curious about that. Do those staffs install each plugin and check the compatibility and performance (i.e. errors during activation) or it's just limited to security issues?
To be honest we do very little in the way of reviewing it from a technical standpoint, it just isn't feasible to extensively review every submission as it would take a lot of time and the majority of our team members aren't developers and therefore have a limited ability to spot complex design or security issues.
The main things we check for are those related to our rules, for example we would check that a plugin actually contained a plugin file and not just a text file with a link to a download page. If a plugin seems suspicions we might try installing it to check it runs properly and look for any obvious issues but you should always exercise a sensible amount of caution when installing plugins, especially when the author is less trusted or unknown.