[wp-hackers] Reviews for Plugins

Ryan Frankel ryan.frankel at gmail.com
Tue Nov 1 22:05:52 UTC 2011


Otto,
  Sorry if my previous message wasn't clear.  I wasn't saying that authentication isn't a problem, I was just saying that it seems like a solvable one.  I am fairly sure that we could come up with some sort of system that would verify users as well as possible (or at least as well as required).  I don't see too much point though going through the trouble of having lots of discussion about it without that being proceeded by how it might interface to ORG.  

But, now that you got me curious, how did you eventually solve that problem?  

Ryan


On Nov 1, 2011, at 5:58 PM, Otto wrote:

> On Tue, Nov 1, 2011 at 4:52 PM, Ryan Frankel <ryan.frankel at gmail.com> wrote:
>> I think the real issue here is that WordPress.org would have to be on-board with this.  The issues with identity management and what the UI should like like are problems that can be solved.  They might not be simple but they are doable.  But, when it comes down to it, if the repo doesn't support something like this then there is not much hope.
>> 
>> I do like the idea of using Gravatars though.  Which brings me to another thought similar to this…it would be possible to create a plugin that does something similar to this and stores reviews elsewhere.  Basically, you would just have to report the current users e-mail, the plugin slug, and their rating.   It could be a separate web service that does this sort of thing.  I think the problem is that the ratings wouldn't be shown in the repo though.
> 
> WP.org backing isn't your problem. Identity confirmation and authentication is.
> 
> See, if you don't have solid authentication to ensure one vote per
> user, then you're going to run into gaming of the system. Guaranteed.
> Heck, I've had to deal with it on .org before, for the star ratings.
> 
> Without a solid authentication scheme, you'll have plugin authors
> mass-voting on their own plugins to raise their ranks, and mass
> downvoting on whatever they perceive to be the competition. You may
> think that this is stupid, and you're right. Doesn't matter.
> 
> I once found a guy on org who created something like 2000 fake
> accounts, then had them mass-vote on a handful of plugins. When I
> removed the votes (and the accounts), he did it again, with another
> set of accounts that he had pre-created in anticipation of this.
> Seriously. For freakin' star ratings.
> 
> Any system you implement that doesn't have solid authentication will
> be subject to gaming, and gamed it will be, rendering it rapidly
> useless.
> 
> -Otto
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers



More information about the wp-hackers mailing list