[wp-meta] [Making WordPress.org] #4309: Displaying PHP Compatibility results from Tide on wp.org

Making WordPress.org noreply at wordpress.org
Thu Dec 5 02:50:45 UTC 2019


#4309: Displaying PHP Compatibility results from Tide on wp.org
------------------------------+------------------------
 Reporter:  JoshuaWold        |       Owner:  (none)
     Type:  enhancement       |      Status:  reviewing
 Priority:  normal            |   Milestone:
Component:  Plugin Directory  |  Resolution:
 Keywords:                    |
------------------------------+------------------------

Comment (by dd32):

 Replying to [comment:22 JeffPaul]:
 > I'm curious if you, or the folks you spoke with at WCUS, see a benefit
 to providing this information privately to the plugin authors so they can
 work to update/resolve issues on their end and thus improve the accuracy
 of self-reported data?

 Speaking personally - I've always held the opinion that clear steps
 authors can take to run tests on their own is a benefit to the greater
 community, unfortunately getting most of those things up and running is
 way too complicated for most users (WPCS is impossible to use for some for
 example), which is one thing that may have ultimately lead to Tide being a
 thing.
 This doesn't invalidate the need or intentions of Tide, only that Plugin
 and Theme authors shouldn't have to rely upon WordPress.org or a service
 to be able to get that data.

 > Also curious if you think this approach should be totally abandoned in
 favor of helping the Plugin and/or Theme Review teams automate some of
 their review processes with Tide?

 Yes, I think both of those teams need more automation, but I personally
 question if Tides current model can easily apply to that though.
 The Plugins and Theme teams currently most need instantaneous checks,
 things that can run in a few seconds and validate no major issues,
 potentially then followed up with a more detailed set of checks being run.
 Both already have tools setup for this, but both need iteration and far
 more checks being added but lack of resources in doing that.
 The Tide Output *may* fill some of the secondary-check requirements, but I
 have no idea, I've never compared what those teams look for (And in the
 case of the Plugins team, some checks are private due to the nature of
 malicious actors) to what Tide outputs (I've only ever seen a tide report
 second-hand, and that was a long time ago)

 > Essentially, I'm reading your comment as a major roadblock in continuing
 with our current approach/plan for Tide and wanting to see what you'd
 recommend we pivot and focus on instead.

 I don't want to act as a roadblock here, but acknowledge that I am given
 the above.
 I'd love if the current and original plans for Tide could be completed,
 but I think automated scanning with coderule sets is only going to go so
 far, it can't be reliable for many hard yes or no situations, only be
 pushed into more general "code quality scores". It's a question of "Does
 this provide certainty? Or does it provide recommendations and potential
 red flags someone needs to review manually?"

 If you look at the way the Theme Check rules have worked, they've outlawed
 certain things in a blanket rule that has lead to authors misusing other
 things - for example `file_get_contents()` in favour of `WP_HTTP` and
 `WP_Filesystem` has resulted in many legitimate uses of the function to be
 done in hoop-jumping ways where it should've only ever been done as a "RED
 Flag! Is this being used to request a URL? Bad! WP_HTTP!  Are you trying
 to Write to theme files? Uh.. probably shouldn't be doing that.. but
 WP_Filesystem exists for interactive requests and you probably want to use
 that" (This is just an example).

-- 
Ticket URL: <https://meta.trac.wordpress.org/ticket/4309#comment:23>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org


More information about the wp-meta mailing list