TL;DR: A proposal for changes to the scope of the ‘git vetted user’ permission on Drupal.org, and the related project packaging and release capabilities associated with it; changes which would affect not only Drupal’s “new project application” process, but all contrib module authors.
Background
Much has been said about Drupal’s Project Application process as of late. Whether you are for or against it, there is one thing that everyone can agree on … we simply do not have enough volunteers to effectively manage the queue, and the resulting wait times can be somewhat frustrating for new contributors.
Over the last year and a half, we have made a number of tweaks to the process, with items such as the 'Review Bonus' program significantly increasing the number of people providing preliminary structure and code style reviews. Unfortunately, this progress has been offset by a sharp drop in participation by our more experienced reviewers and git administrators. As a result, applications are quickly moving up to RTBC instead of waiting weeks for an initial review ... only to stall out at the 'final approval' step for weeks at a time (or even months, in some cases). The truth is that the changes have not addressed the fundamental issue: it takes a significant investment of time to provide a review detailed enough to meet the standard of quality being enforced in the queue, and the current volunteer-to-applicant ratio is nowhere near what it needs to be to efficiently process applications in a timely manner.
But enough people (myself included) have shared their thoughts regarding ‘what’s wrong’ with the process today … and as the “project apps venting threads” exploded with activity again this winter, I found myself silently wishing we could get past the complaints, and back to focusing on solutions.
Well, simply wishing something does not make it happen. Without a defined end goal in mind, we find ourselves hampered by the ‘inertia of the status quo’, and thus restricted to minor, one-off, incremental changes which i) are small enough in scope to be pulled off by single individuals, and ii) do not significantly change the underlying process.
Looking back at my original proposal from 18 months ago, if fell apart on two fronts. First, while 'automation' is a noble goal, the proposal lacked definition around the 'next steps' or implementation details needed to achieve that goal. Secondly, discussions on this particular topic tend to go in circles, waiting for someone to say "Yes! Let's do this!" ... but with no obvious 'owner' of the process, that perceived validation/justification never comes.
While evolving governance discussions should help us to address this second concern, we still need to come up with a new model definition ... one which addresses potential concerns around security, code quality, and module duplication; while at the same time eliminating the enormous barrier of entry that the ProjectApps process has created for new contrib module authors.
With this in mind, I would like to propose a fundamental change to the scope of the ‘git vetted user’ permission on Drupal.org, and the related project packaging and release capabilities associated with it. Yes, it's long, but please read on ... this affects all contrib module authors, not just new applicants.
The Proposal
Step 1: Expose the 'project shortname' field on all sandbox projects
This field stores the proposed 'project shortname' for a given project. For sandboxes, the field would be editable by the project owner, but read-only to all other users. Validation logic on this field would ensure that the shortname does not conflict with any previously established projects. Validation could also go so far as to warn users about namespace conflicts with other sandbox projects, while still allowing the field to be saved.
Step 2: Write code, commit to repository, and run automated reviews
As soon as the sandbox is created, the project owner may begin committing code to the repository. Each code commit would trigger two automated reviews ... one to validate the repository structure, and one to validate the code style of the included code, using Drupal CodeSniffer. (Automation of these tasks has already been implemented within the Project Applications queue, through the ventral.org PAReview tool ... under this proposal, the same functionality would be ported over onto Drupal's automated testing infrastructure.)
The most recent results from both of these reviews would be collected and displayed within the sandbox administration page for the project, along with a mechanism to re-trigger the reviews (to clear any infrastructure-related failure conditions). In any cases where the reviews fail due to detection of a false positive, an 'override' checkbox would be made available to administrators, which could be used to indicate a manual override of the failed result (triggered via a request to the projectapps or webmasters queue).
Step 3: Promote out of sandbox
As long as both the 'Git Health Check' and 'Code Style' tests are passing (or overriden), the project namespace has been approved, and a valid release tag exists in the repository, a 'promote out of sandbox' link would be made available available to the project owner. This link would basically have the same effect as today's 'promote to full project' link (with one restriction) ... it would move the project over to the final project namespace and enable the creation and packaging of -dev, -alpha, -beta, and -rc releases.
Step 4: 'Non-vetted git user' restrictions
If the project owner is not yet a 'vetted git user':
- The packaging system would allow the creation of -dev, -alpha, -beta, and -rc releases, but no 'final/stable' releases
- A prominent warning notice would be added to the project page, stating that
- The module has been contributed by an author who has not yet run through Drupal's one-time peer review process,
- It is recommended that the code not be deployed on production sites without a full and thorough code and security review, and
- Users installing the code do so at their own risk.
Users wishing to remove this warning from their project pages would need to obtain 'git vetted user' status, which would follow the existing 'project applications' process as it exists today. Given that projects had to pass both a repository health check and code style review before moving out of the 'sandbox' state, they would be entering the process in a much more 'polished' state. In addition, as any stalling at this stage only prevents creation of a 'stable' release, reviewers can enforce a high standard of acceptance; and applicants should be much more tolerant of delays in the review process if the queue does happen to get backed up.
Step 5: 'Stable Release' notifications
As an added incentive for maintainers to produce 'stable' releases (and for non-vetted users to pursue 'git vetted' status), any projects which do not have a supported 'stable' release would receive another prominent warning notice on their project page:
"This project does not have a stable release on a supported major branch, and thus is thus not subject to release of Security Advisories by the Drupal Security Team. Note that the presence of a stable branch does not guarantee that the code is secure, only that the security team will consider the generation of a security advisory in response to any reported security issues."
This means that non-'git vetted' users will have two warnings displayed on their project pages by default, as they would be prevented from producing stable releases.
Projects which do have a 'full' or 'stable' release would receive a much less prominent notice, stating something along the lines of:
"Only the supported major version branches ([list of branches for the project]) will be considered for Security Advisories in case of any security issues brought forward to the Drupal Security team. Note that the presence of a stable branch does not guarantee that the code is secure, only that the security team will consider generating a security advisory in response to any reported security issues."
The exact contents, location, and formatting of these warnings on the project page would be subject to further debate, but the point would be that the first two are intrusive enough to incent project owners to create stable releases.
I'm throwing this out there for community opinion, feedback, and debate.
I do not have the bandwidth to implement all of the above myself ... but if, after community discussion, the above proposal is perceived to be viable, I will volunteer to take the next step of mapping out an implementation plan. This plan would identify a complete task list, broken down into a series of manageable bite-sized pieces, ready to be tackled by anyone in the community. I will also make myself available as a mentor for anyone who attempts to take on any of the identified tasks, whether it be helping them get set up within the drupal.org development environment, understanding of the project* module data structures, assistance in understanding the required testbot integration pieces (which I will prime), or scheduling meetings and/or sprints as required.
This process is one of the main on-ramps for new Drupal contributors entering our community ... and we have neglected it for far too long. Please take a minute to provide your honest opinions, feedback, and suggestions for improvement related to this proposal ... or maybe even propose an alternative solution of your own. And if you can spare it, spend an hour or so over in the Project Applications issue queue ... because the truth is that no major overhauls are going to happen overnight, and in the meantime, there are a number of poor souls sitting patiently in that queue; waiting for someone to come along, look at their code, and welcome them as they make that crucial next step from Drupal 'user' to Drupal 'contributor'.
Comments
This idea seems reasonable to
This idea seems reasonable to me.
I'd quibble and say that non-git-vetted-users shouldn't be able to create RC releases and maybe not betas, but it's definitely a small quibble. I feel more strongly about RC since at least with core we have previously timed the release of a core-RC with the release of security advisories in "younger" versions of core (i.e. drupal-7.0-rc* were timed at the same point as the drupal-6.* and drupal-5.* security releases so that both could contain the security fixes).
It also seems like a good idea to encourage the module author to add a link to their application in the body of the module so that the users of the module can provide reviews in their application (as long as we somehow make it clear that "+1" reviews are not helpful, of course).
Some things that I particularly like about this:
* It gives people enough ability to share their work and get feedback they might be OK with it and not need git vetted user status
* It still warns users who download the project of potential problems (it actually does this better than what we have now)
* If project maintainers do get a decent user base and issue queue going then it's easier to do the application review (at least in my experience, ymmv)
knaddison blog | Morris Animal Foundation
Exposing the project
Exposing the project shortname and alerting users to potential conflicts is a great idea. I know I've created several published modules that I would have left as sandboxes if that was an option. Call me lazy, but I wanted to lay claim to the namespace to avoid a rewrite of function names down the road if I did decide to create a truly supported release of the module in the future.
I think the wording of messages end users see need a lot of work, but adding a stable filter as the the default filter to http://drupal.org/project/modules would be another incentive to get to a stable release as well.
Another feature on Drupal.org that could use some rethinking is that configuring an unstable release as the supported brach of a project turns that package green on the project page. Green should be reserved for stable releases as a simple, visual cue for users.
This was a great read and
This was a great read and it's clear that you've put a lot of thought into this proposal! I'm for everything you've laid out here, but I don't have as much invested in the project review process as many others.
My favorite part of this is actually at the very end:
That gives me faith that this will actually get implemented! :-)
Thanks,
David.
This sounds like a great
This sounds like a great plan. I would add that Step 0 might be to see if this is blocked on the D7 upgrade. If not, I will volunteer to assist people that want to work on any portion of this plan.
--
Cameron Eagans
http://cweagans.net
Brilliant
I think this is a great proposal. It will actually simulatneously provide potential users with more information and make it easier for project authors to improve their code through real-world testing. I love the proposal for handling the shortname as well.
Only suggestion:
Well, that's always the case, so let's not imply it isn't for vetted users. :)
You have my axe! Or something....
Great to see the ball rolling! Just a couple of questions...
I can't see you mention anywhere how one becomes a 'git vetted' user in this proposal? Or does that happen with the first stable release?
And you said this proposal affects existing contributors, but I don't really see how apart from the notice for non-stable releases?
Good ideas
These changes will definitely crush the big pa-process roadblock into little blocks which new contributors can tackle step by step more easily.
I'd personally still like to offer my help to make this happen, but It's still hard to know where to start from. I'd suggest that you offer a kind of mentoring-BoF for people interested in contributing to drupal.org-changes in a pa-specific perspective.
The only thing I'm a bit worried about is that when we make it much easier to claim a namespace we should also make it easier to keep the namespaces clean.
- For example removing outdated / old / obsolete projects automatically after a certain time.
- Making it easier for other developers to claim a namespace of an obsolete/old project.
- Removing releases / tags of old drupal version (Drupal <6), deleting old projects which only have Drupal 4/5 releases.
Generally making sure that old namespaces does not stand in the way of new projects.
--- but that's a whole other issue..
--in short--
As said I like the Idea of smaller steps for new contributors and would be interested in meeting up at Portland to figure out how to make this happen.
Thanks for your write up!
Leave packaged releases a 'vetted user' incentive
I think these are great recommendations! I'm in favor of each except step 4, where I think any packaged releases should be a perk for a user with the 'git vetted user' role.
I'm for controlling packaged releases (as they are now) for two reasons. First, it can be seen as an incentive to have downloadable releases, the update notification system, and for stable releases -- security team support. Secondly, limiting packaged releases could help avoid a plethora of stale, non-stable modules. If an author can make a RC release and leave it so, even with the project page disclaimer, I suspect authors would see it as a point that's "good enough" to strive for and not deal with the difficulties of the application queue.
I like your other recommendations and think they'll assist with the process and feelings around drupal.org projects. Exposing project short name, tighter automated reviews, and project page disclaimers will help set expectations for new contributors as well for end users. Leaving the packaged release bar high will incentivize full project status and help end users.
Would you restrict all
Would you restrict all packaging, or would being more restrictive in the type of releases (e.g. alpha only?) suffice?
I see packaging (and tarballs) as one of the primary motivations driving applicants to apply for the git vetted role; and fear that even with the other changes, restricting packaging to git vetted users would still be seen as a 'front-door' roadblock ... which contributes to the perception of a two-tier society within the Drupal community.
Preventing packaging also
Preventing packaging also prevents versioning and testing by non-git savvy users. Without packaging, what's the advantage of using Drupal.org over Github?
Do you envision a relationship between non-stable release warnings on the project pages and Update Status messages on the Drupal sites? If installing a beta release triggered a security warning on every page of a Drupal site like a security update does, that would have a profound impact on the number of sites willing to use beta releases. Not sure if that's a good or bad thing.
I agree with @jthorson (for
I agree with @jthorson (for whatever my opinion is worth ;-)) that we should allow creation of SOME kind of package before getting the git vetted role. That was one of my favorite parts of the proposal because it adds a middle step, where the applicant gets a little bit of what they want, so they experience some success along the way.
Regards,
David.
All packaging
Yes, I think it's a good thing that packaging drives authors to the full project application queue. I think that giving up a little bit of packaging would decrease the need for stable releases at the cost of end-users.
I think we should try some of these new steps, measure the change, and revisit if needed.
Measure the changes to the queue and in general "project application feelings" and later revisit tiered packaged support, if needed.
A point missed
Part of the "active mechanism" of this proposal is actually moving the manual review as far back in the process as possible. This creates more community feedback to the applicant during the process, and filters out a lot of applications (the ones that don't reply to their first review in the system we have today) before we use precious voluntary resources on them. If you move the manual review back to the front of the process, this system won't actually reduce the work needed in the queue at all.
I'm in favor of some level of
I'm in favor of some level of tarballs. I think it gives a nice middle step. That said, I agree with ben that if people can do an RC then why bother with the full app?
There are two other ways we can potentially spin this:
Again, I personally think allowing dev tarballs is OK, but want to throw out some ideas about how we can potentially balance the "carrots" in this process to keep people working towards full releases (which, I think, is more or less what we should be encouraging everyone to eventually do).
knaddison blog | Morris Animal Foundation
The problem with relying on
The problem with relying on the dev snapshots is it makes it more difficult for users to report issues. "I'm using the dev snapshot from May 22".
Allowing alpha and beta releases would both help with real world testing as well as expose maintainers to Drupal's process for tagging release.
Preventing green/supported releases of beta and alpha in the UI and adding some indication in update status when a site is using potentially unstable, unreviewed releases would go a long way towards correcting maintainer behavior.
Would a dedicated new
Would a dedicated new extension work? Something like allowing "example-7.x-test1"? The word "test" is rather descriptive, and would certainly give people enough indication not to blithely download the module without some prudent caution.
PINGV | Strategy • Design • Drupal Development
A test tag for human testing
A test tag for human testing of things like ui related changes would be great!
We need to limit the allowed tags, and mentoring suggestion
I have to say, after going through this processes (within the past two years) I have to say this proposal is a great step in the right direction. I do have a couple of suggestions.
Allowed branch tags need to be limited.
I would say that -dev should be all that is allowed, except there is a large problem with that. It makes it less likely to push unfinished code --which could lead to loss of work, or patches for old code. So we will need something to keep this from happening. Task specific tags/branches are a good alternative, except leaving the naming up to (what will likely be an unexperienced) developer could lead to a chaotic mess.
I would suggest, for these pre-git-vetted users a new -stabledev branch should be added.
This will mean the -dev is always the newest and -stabledev is what works right now. Notice that I said branch and not tag. I don't think that pre-git-vetted users should be putting out numbered releases. If someone wants to add an bug report then it should be working off of -stabledev/or commit hash.
We need to encourage mentoring of new developers.
Part of the problem that I faced with the review process was, while some reviewers seemed willing to help others seemed more adversarial. In the end it felt like it was me versus them. I think much of that could be avoided by attempting to turn some of this pre-review step into community mentoring. These pre-git-vetted user projects should have their own Listing page and maybe some additional default categories in the issue tracker.
Currently there is;
Bug Report
Task
Feature Request
Support Request
Maybe we should add something along the lines of Practical Advice. To point out things that could be done in a more Drupal Standard way (or even to point out better ways to solve a task) even if it is not exactly wrong in the way it is being implemented.
Part of this process is allowing inexperienced developers to become experienced developers without going through the full review process. This will make the full review process more streamlined.
sounds great
What a well thought out and articulated plan.
My only suggested change would be to limit non-vetted users to dev and alpha releases only. In my mind the beta and rc tags inspire confidence without looking under the hood. I guess I have gmail to thank for that.
But that's an arbitrary distinction and I can understand if others feel differently.
A side-effect
Another side-effect of this, is that it contributes to lessen the status of alpha/beta/RC releases, which is a VERY good thing. It's really troublesome that module authors attribute so different meanings to these stages. It is a real problem that some popular projects have their users running betas for extended periods of time (in some cases, years). It makes it impossible to judge module versions without evaluating the code yourself.
IMO, I don't think we should
IMO, I don't think we should have a review process anymore. Just use the automated tests suggested by jthorson's plan and call it good. Open the flood gates.
--
Cameron Eagans
http://cweagans.net
No thanks
In August of 2012 the Security Team added a new issue status for "closed (can be public)" which is used for issues that can be public. Often (maybe most often) this is used for issues that don't yet have a stable release. Since August of 2012, 92 issues have been triaged into that status.
This graph shows the number of issues submitted per quarter. As you can see, triaging 92 issues in the last 3 quarters is a significant number (approximately 1/3 of the total issues submitted in that time period).
If you look at the applications with the pareview: security tag you will see that approximately 200 security issues were identified in the application review process. The actual number is higher because not every instance of finding a security issue gets a tag.
If we went with your proposal, the security team issue queue would be larger by somewhere around 300 issues (92 + ~200)..
Let's take the steps forward that jthorson proposes and see what the metrics say after a few months.
knaddison blog | Morris Animal Foundation
Ah, yeah, I didn't think
Ah, yeah, I didn't think about that. I suppose that's fair. Thanks for the detailed response as to why this shouldn't happen :)
--
Cameron Eagans
http://cweagans.net
One thing that's rarely discussed...
Some excellent points made above. One thing that's rarely discussed is the notion of a being a responsible project maintainer on drupal.org. I've publicly been at odds now for several months on drupal.org in an open issue with another maintainer -- and I was not the first to complain about him as I later found out and not the last-- because I felt he continued to ignore most of his issue queues, yet he continues to upload full project after project every month or so; he is essentially creating a wasteland of projects that never get attended too and appear to be abandoned shortly after these full projects get created.
This new process discussed here might go a long ways to addressing this as in a way you are letting the users of the project decide how good it is (by giving it more exposure) and if a maintainer later wants to become a full Git vetted user, one can look back on their issue queue and see if they attended to it in a responsible manner. By the way, I felt I had a right to complain only because I myself am now a full project maintainer with my Bamboo Theme. I wrote a little blog post that might be relavant for what I am discussing here.
Along these lines, I'd also love to see some kind of rating system for a project perhaps based on support level as well as quality and even documentation though I am not sure if this would be a wise choice, just throwing it out there.
High Rock Media | Drupal Photography | Skype: highrockmedia | Twitter
Please don't let the pursuit
Please don't let the pursuit of perfection prevent progress. Keep this focused on reworking the project review process. Reviewing maintainers will lead to discussions of code of conduct, certifications, open source license literacy, etc, etc.
As is often the case, we
As is often the case, we ultimately need to compromise somewhere and a combination of popular opinion and what is technically feasible will determine that.
Here are the 5 proposals.
I haven't noticed anyone saying that Steps 1, 2 or 5 are controversial (though I imagine 5 will get some bikeshedding over the words and location). Steps 3 and 4 seem to be well liked, though the exact details of how its implemented seem to be still a question of debate.
In my opinion, it makes tons of sense to work on the non-contested items in the order they are technically feasible and provide value Step 2 feels to me like the highest priority item that provides significant value.
knaddison blog | Morris Animal Foundation
A big +1 to the idea of the
A big +1 to the idea of the automated code sniffer reviews etc, that would be a big step to improving code standards of published modules - particularly preventing (or warning against) packaged releases which don't meet standards.
One of my concerns about the current process is that it's very good as an education piece for a contributors first published module (and to get the "git vetted" role), but there is nothing which helps us with subsequent projects once that vetting has been provided. For example numerous sandbox promotions are rejected for overlapping functionality, insecure code, lack of code standards adherence, but there is nothing to prevent this if someone already has the role to promote sandboxes. To take the security concerns as a further example, although getting a first sandbox published may educate about the security process, there's no guarantee that it will be so ingrained that the second module will be that much better.
Discussing this with some colleagues the other day, we were intrigued whether (for example) Scald would be approved if it was a new users' sandbox... or would it be rejected for overlap with Media?
Just for the record... I
Just for the record... I think Scald looks awesome, just chose that one to illustrate a point.
I think the duplicate review
I think the duplicate review is about 2 things:
However, duplication is never supposed to block an application if they've documented the differences on the project page and "Duplication" is the only flaw with the module.
knaddison blog | Morris Animal Foundation
I've had "duplication" be the
I've had "duplication" be the only reason my sandbox didn't get approved - http://drupal.org/node/1910630 - all code was reviewed and was fine (after I'd responded to comments and updated), and the differences between the modules were documented on the project page (otherwise I dont believe the duplication would have been noticed).
In my case, it's worked out - I'm now co-maintainer of the module I was duplicating some areas with, and am working on a 2.0 release of that module to merge my sandbox with the existing module - so contrib and Drupal (and me) all win.
However, in the scenario where the original maintainer wasn't as approachable as in my case, this would be very demotivating to someone who was trying to publish their first module. My point was also that not just with the duplication check, but for any of the facets of the sandbox review, none of this guarantees better 2nd modules from anyone - in fact if anything, once the git vetted user permission is published I think there's more likely to be cases of people pushing modules live without a careful review.
Thanks for the awesomeness comment :)
It would be impossible to submit Scald in a sandbox today because it's like media : it's years of hard work.
BTW : your sessions in DrupalCamp London were also awesome
Project Application: Selective Assets
Here's a prime example of the barriers this proposal aims to alleviate - where a new contributor has done everything right, and the volunteer reviewers have been helpful and supportive, but the application process has ultimately frustrated the developer to the point that he doesn't even care to peruse it anymore: http://drupal.org/node/1711898
+1
I like the proposal, especially the part about the project short name field and that everyone can "promote" a project to the name space URL after the automated reviews pass. I think that is an intelligent way to work around the spammer and name space squatting problem that I am afraid of.
One concern: that also means that our project name space fills up more quickly, so we need to provide automated mechanisms to free up name space again. We all know that claiming an existing project name space is tedious right now, because it is a manual process in the webmaster queue. So we also need to automate that, projects get pushed back to sandbox mode if one of the following criteria is met:
And of course there is a quota: you can only create one full project per week. That should at least slow down the trolls.
Pushing back to sandbox can be manual
I disagree with automation as a necessity in revoking project namespace ownership. I'm not against automation, but I don't think it's necessary, and I think we should leave it off the list of steps for now to avoid slowing down implementation.
There are three people potentially involved in that process: the project owner, someone who thinks the project shouldn't have the namespace, and a webmaster. That last one is, lately, almost exclusively me. It's very easy for me. It takes little time and is very straightforward. I doubt it's tedious for the project owner, since they either don't participate at all (the common scenario) or they say "I'm still working on this" and that's the end.
I can see how the process would be described as "tedious" for the person who wants to see the project lose ownership of the namespace, because of the 2 week wait on completing the process. But that wait is a policy the community has set (to give the project owner a chance to respond), so it could be made faster simply by changing the policy. The wait on manual process is almost never more than a week. I just checked the last several issues and the response times are all under 4 hours. And that's with only one person doing it. A second volunteer could easily handle 10 times the current workload and reduce the process wait even further.
So automation of the namespace revocation process would be great, but I think we can safely move forward without it. If it needs to be faster, the opportunity to make the biggest impact there is currently in policy (2 weeks), not process (1 day).
That is good to know, I
That is good to know, I wasn't aware that the actual process works out so well. Thanks for your effort!
I'm just concerned that the name space fills up exponentially fast if we never revoke full projects. People don't want to wait, so they just publish stuff under a different name. "foobar" is already taken, so "foobar2" is created and the next one takes "foo_bar" while at the same time "fooobar" is born.
Hm, now that I think of it - that will happen anyway, whether we automatically revoke a small fraction of full projects or not. Basically we are giving up on avoiding module duplication on drupal.org, which is a bit sad. But I guess this is a price we want to pay in order to improve this process. So I think I'm fine without any automatic revocation process, it would be be of little benefit.
I guess the unsupported module process will become much more popular in order to get a useful project name, so hopefully it all regulates itself and lots of people reclaim occupied name space.
Although I can also see a future with a lot of ugly project names like "f4ceb00k_connectar".
I think this is a good idea,
I think this is a good idea, but I think "no releases for a set time" is difficult. There are a lot of stable and popular D6 modules that haven't had a release for years.
I meant no release at all,
I meant no release at all, i.e. there has never been a single release on the project. Drupal 6 projects with a release are of course fine, regardless how old it is (at least as long as Drupal 6 is supported).
Ah, sorry, I misinterpretted
Ah, sorry, I misinterpretted this too! And my urge to respond was sooo great, I didn't finish reading this bit of the thread before writing my own comment. :-) You can disregard the bits of my comment about this point.
That makes much more sense
That makes much more sense :p
I guess we could also use commits as an indicator. No releases and no commits for 3 - 4 months or something.
This worries me...Releases
This worries me...
Releases only for unsupported versions of Drupal, ex. Drupal 5 seems like a reasonable criteria. Once Drupal 8 comes out, if there was no Drupal 6 or 7 release, 8 is going to be a rewrite and clearly the original module maintainer isn't interested in doing it herself.
HOWEVER! No releases for X time seems risky to me. Drupal doesn't change (or shouldn't change) during point releases such that a contrib module MUST be updated. And some small modules do exactly what they need to do after version 1.2 and don't need to be updated... ever. :-)
If there were any heuristic about the inactivity of a project (and I'm not saying there should be one!), I think it should have to do with the issue queue. If people are posting issues, it means something NEEDS to change in the module, even if that's documentation. If the maintainer isn't dealing with the issues, it means the module is having maintenance problems. And in the most extreme case - the module is no longer being maintained.
Anyway, I think this is an area where we should tread very carefully.
Best regards,
David.
Great proposal
This proposal addresses most of my criticism from http://comm-press.de/en/blog/buried-sandbox
Many thanks, Jeremy!
Frank
My LinkedIn profile
Not sure about Step 5
Steps 1...4 are fine but Step 5 IMHO is a misguided incentive.
<rant class="tangential-to-the-project-application-process">There already are 'stable' releases that in reality are anything but stable - of course, mostly for minor modules, but still there are lots of them. Do we really need to push people to create more? Is creating releases 'stable' only in name such a great job, and should cautious approach be punished with a big knotty stick?
More pseudo-stable releases will lead to
raised_expectations + unchanged_reality = more_frustrationon users' part. No one needs that.</rant><constructive>I have no hard data but from conversations with site builders it seems people pay a lot of attention to green ('recommended') status - perhaps green is even a bit overbought. Giving it more real meaning, e.g. by adding ability to create 'recommended' releases to Step 4 (so that only vetted users can create shiny green releases) might therefore make sense.
Also, +1 to @kreynen's suggestion that "[g]reen should be reserved for stable releases" which is less intrusive; essentially, it would come close to merging two already strongly correlated dimensions -
unstable...stableandnot_recommended...recommended, thus making navigation of the project continuum easier.Thanks
wow I think this is a very good idea
Mua máy đo ph nước chính hãng knick Đức liên hệ tại đường link https://hoanganhmall.com/may-do-ph. Hoàng Anh mall chuyên cung cấp các thiết bị máy đo trong phòng thí nghiệm đặc biết máy ph knick Đức.