[wp-hackers] Code reviews for plugins?
Harry Metcalfe
harry at thedextrousweb.com
Mon Aug 23 08:46:54 UTC 2010
On 23/08/10 04:49, Mark E wrote:
> I'm seeing a big issue centered around delivering a false sense of
> security to numerous millions of innocent people.
I agree. I like the idea about having objective criteria, and if the
results of reviews were phrased appropriately -- i.e., accurately -- that
would be a nice thing to have.
But just to say "The community has reviewed this plugin and it looks
A-OK to us" is a really bad idea. For a start, I'm not sure you can
really do that in a generic way: to make that statement for any
particular user, you'd need to know what other plugins they were
running, and what their theme does. But ordinary, non-techie WP users
will just interpret it as a badge of quality and may therefore be misled.
But more importantly, just to say a plugin has been "reviewed" without
knowing what the reviewer was looking for is meaningless. They could
have been looking for fluffy bunnies. It essentially ends up being a
review to look for the things the reviewer thinks are important. Which
is perhaps slightly better than nothing, but not much.
I think we should come up with a list of the top 25 mistakes people make
in plugins, review to find those, perhaps also highlight whatever else
looks problematic and tell the author, and then say to users "This
plugin has passed a review which checks for some common WordPress plugin
problems" or some such...
Harry
PS: if this plan means I never have to spend hours fixing all the
notices in someone else's plugin, that would be nice.