Translations
Info
All page names need to be in English.
en da  de  fr  it  ja  km  nl  ru  zh

Extension Rating System and Reviews

From TYPO3Wiki
Jump to: navigation, search
This page belongs to the Extension coordination team (category ECT)

Vision

The TYPO3 framework offers several ways to extend the system with own code and share the code within the community using the TYPO3 Extension Repository (TER + TER2). In the past all the contributed extensions have been available through the TER on typo3.org without any kind of quality assurance. With the introduction of the TER2 this has been changed. The TER2 includes an integrated security review system which allows members of the security team to participate in the security review process. It also allows the users of the online TER to see which extensions are secure and which are not as well as the administrators using the extension manager in the TYPO3 backend. This ensures TYPO3 with its extensions to become a more secure CMS. Additionally this step builds some transparency for users and developers. In my opinion this is a very good start, but it could be extended in different ways:

  • building more transparency for users about the supported features
    • Template systems
    • Workspaces
    • Accessibility
    • DBAL

Concept overview draft

A first draft of an overview concept is available and open to discussion

First draft of an overview concept

Current situation

At the moment every extension which wants to get the supported label has to pass a security review by the security team. In addition Michael Scharkow has developed the rating functionality within the TER2. Due to some server problems the system is still not online. Some of the extensions get a manually review which is published at the T3N magazin. Discussions about an extended review process and system are going on at the mailinglist of the ECT and the usergroup of Hamburg.

Teams

Security Team

The security team is responsible for every security issues within the TYPO3 project.

Security team on typo3.org

For more information about the security policy and the work of the team have a look at the official webpages:

https://typo3.org/teams/security/

Contact the security team

https://typo3.org/teams/security/contact-us/

Extension Review Team

There is no such team at the moment. Some activity has been recognized among the usergroup of Hamburg, so hopefully the team will be founded within the next months.

Subprojects

Extension security reviews

The security team is responsible for every security issues within the TYPO3 project. One of the tasks are the extension security reviews.

Extended extension reviews

Not active at the moment.


Extension rating system

An enhanced version of the TER2 - TER - supporting user ratings has been developed by Michael Scharkow. A beta version of the rating funcionality can be seen at:

http://h843691.serverkompetenz.net/typo3org