[dokuwiki-teams] [plugin & template] : Suggestion

  • From: Guillaume Turri <guillaume.turri@xxxxxxxxx>
  • To: dokuwiki-teams@xxxxxxxxxxxxx
  • Date: Sat, 2 Oct 2010 11:03:54 +0200

Hi plugin & template team,

Now that I saw that our team page is created, I'd like to know how we could
work to manage the 682 plugins and 70+ templates.
I have two suggestions. The first one deals with a way to structure this
work, and the second one deals with security.

1 - An approach to find relevant plugins

Here are some tasks currently listed on our page:
- Manage listings: Remove old entries, Assure completeness & correctness of
Entries
- Find new maintainers for orphaned but popular templates and plugins
- select “featured” plugins

A way to do it, for the plugins, could be to create a table (like the one I
created as an example, on our page) which would contain, for every one of
them, the following information:
- the name of the current maintainer, if there is one. More precisely, if he
didn't update this plugin, or its page, for, say, 6 months or a year, we
could contact him in order to know if he is still willing to take care of
his plugin.
- does this plugin work, at least with the last version of Dokuwiki?
- is the documentation complete? In particular, is it possible/easy, from
the plugin page:
  - to know how to use the plugin
  - to download it
  - to know how to contact the maintainer
  - to know the compatible versions of Dokuwiki
- the last time a member of our team checked this plugin.

Of course, since there is a huge number of plugins, it could be quite long
to do it, but we would have to do it only once since, once it's done, this
table would only have to be updated once in a while (when a plugin is
created/updated, when a new version of dokuwiki is released...).
And once we complete this study, it would be much easier to select featured
plugins.

2 - Security
Besides this, I think another important point should be considered: the
security. Indeed, it's easy to create a plugin which introduces security
holes.
Since anyone may create a plugin (and, above all, update it at any time), it
seems quite impossible to check each of them; but at least the featured
plugins should be checked.
More precisely:
- it could be a good idea to create a kind of official "warehouse" which
would contain only plugins checked by "trusted members"
- it could be relevant to create a security team, which would take care of
this warehouse, and which could also audit the core of Dokuwiki.



I let you tell what you think of those ideas, and if you think things should
be done differently.

Regards,
Guillaume
