Code review for security advisory coverage applications

We encourage users to post events happening in the community to the community events group on https://www.drupal.org.

This group's purpose is discuss, document, and rally around the code review process for new contributors as well as code reviews for existing modules (outside of the security team), and to help people become (better) code reviewers.

This is not a place to ask someone to review your application.

Reviews and Mentoring for ilchovuchkov

This wiki page is created to keep track of vuil's Project application reviews. As a reviewer I hope to get more advice from more experienced reviewers. Please use the comment field to add your advice, corrections, and observations.

Read more

Reviews and Mentoring for Pen

This wiki page is created to keep track of pen's Project application reviews as suggested by klausi . As a reviewer I hope to get more advice from more experienced reviewers. Please use the comment field to add your advice, corrections, and observations.

Read more
klausi's picture

Directly approving applications from "needs review"

Hi,

I'm starting to directly approve project applications when I think they are OK from the "needs review" state. I think it is not necessary to do an extra step and let another git admin take a look. It just slows down the approval of applicants yet again and I think we can trust git admins enough to make the decision immediately.

Let me know what you think and if that might be a bad idea.

Read more
3ssom's picture

using hook_help() with README files!

Hello guys,

After doing some reviews lately.. I saw some contributors using hook_help() getting the existing read me file in the module .. here is an example:


/**
* Implement hook_help().
*/
function dblog_quick_filter_help($path, $arg) {
switch ($path) {
case 'admin/help#dblog_quick_filter':
$output = file_get_contents(drupal_get_path('module', 'dblog_quick_filter') .'/README.txt');
return module_exists('markdown') ? filter_xss_admin(module_invoke('markdown', 'filter', 'process', 0, -1, $output)) : '

'. check_plain($output) .'

';
}
}

Read more

Reviews and Mentoring for visabhishek

This wiki page is created to keep track of visabhishek's Project application reviews as suggested by klausi . As a reviewer I hope to get more advice from more experienced reviewers. Please use the comment field to add your advice, corrections, and observations.

Some projects have multiple reviews.

Security Issues:

<

ol>

Read more
ARUN AK's picture

Project Applications Code Review Points

It would be better if we can add a review point system in Drupal code review of Full Project Applications. Normally people are reviewing other application only to get Review Bonus. Once their application/project got approved then they will lose their interest in Reviews.

I know reviewing other application is a best way to learn drupal coding, but there are other ways too. So that I am thinking, it would be better if we can implement a review point method in Drupal Code Review of Full Project Application system.

Read more
gisle's picture

Please review applicants compliance with third party policy.

As most of you know, we have a Git repo policy for the Drupal.org git repo. This policy is also explained in our guidance about 3rd party libraries and content. This is even linked to in the review template, under the heading 3rd party assets/code.

Earlier today, I was browsing the application queue, and I could not help noticing several applications that did not comply with the this requirement:

<

ul>

Read more
mlncn's picture

Please weigh in on giving more people the permission to give people git vetted user status

In particular, deputizing kattekrab— or proposing another person or another approach.

https://www.drupal.org/node/2736981 => Give kattekrab the power to give people the power to approve project applications

But i'm three hours into a stint of just approving RTBC projects (and not yet halfway done?), which should never be our backlog, and after Damien McKenna made a huge dent in that queue yesterday.

Read more
kattekrab's picture

PAR revamp underway - meanwhile, projects languish in the queue

The Project Applications Review process revamp is now a community initiative awaiting progress
https://www.drupal.org/node/2666584

After a year of discussion at
https://www.drupal.org/node/2453587

And 5 years of attempting to improve the situation for people wanting to contribute modules to Drupal.org.

While we continue to wait for a solution for the underlying problem, we still have people waiting.

Read more

Reviews and Mentoring for th_tushar

This wiki page is created to keep track of th_tushar's manual reviews of projects in the project application queue. As a reviewer I hope to get more advice from more experienced reviewers. Please use the comment field to add your advice, corrections, and observations.

Read more
Cellar Door's picture

Promotion from single to full project status?

I think I'm in the minority of cases here but I can't find any discussion anywhere on the topic:

Read more

Reviews and Mentoring for heykarthikwithu

This wiki page is created to keep track of heykarthikwithu's Project application reviews for him to get advice and mentored by Git administrators and anyone else who might have suggestions, advices, etc.

Read more

Reviews, Mentoring - gauravjeet

Reviews and Mentoring for pankajsachdeva

This wiki page is created to keep track of pankajsachdeva's manual reviews of projects in the project application queue. As a reviewer, I hope to get more advice from more experienced reviewers. Please use the comment field to add your advice, corrections, and observations.

Reviews List:

<

ol>

  • Autosave Webform
  • Auto Block Scheduler
  • Read more

    [D8] Security review check list?

    klausi's picture

    Projects with empty code

    Received a question from an applicant per mail:

    Hi, I have a question about the project reviews, how come my project is still sandbox and there is people that can create 'projects' with empty code? isn't that against rules or at least ethics?

    https://www.drupal.org/project/amp

    Read more

    Reviews and Mentoring for Devaraj johnson

    This wiki page is created to keep track of my project application reviews Reviews and Mentoring

    Read more
    klausi's picture

    Abandoned applications are now closed after 4 weeks instead of 10 weeks

    I updated PA Robot to close inactive project applications (in the "needs work" status) after 4 weeks instead of 10 weeks. That way applicants get feedback earlier that the application is blocked on their part in case they forgot to update the status.

    Let me know if that causes any issues I have not thought of.

    Read more
    Subscribe with RSS Syndicate content

    Code review for security advisory coverage applications

    Group organizers

    Group notifications

    This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds:

    Hot content this week