Extension Rating System and Reviews
The TYPO3 framework offers several ways to extend the system with own code and share the code within the community using the TYPO3 Extension Repository (TER + TER2). In the past all the contributed extensions have been available through the TER on typo3.org without any kind of quality assurance. With the introduction of the TER2 this has been changed. The TER2 includes an integrated security review system which allows members of the security team to participate in the security review process. It also allows the users of the online TER to see which extensions are secure and which are not as well as the administrators using the extension manager in the TYPO3 backend. This ensures TYPO3 with its extensions to become a more secure CMS. Additionally this step builds some transparency for users and developers. In my opinion this is a very good start, but it could be extended in different ways:
- building more transparency for users about the supported features
- Template systems
Concept overview draft
A first draft of an overview concept is available and open to discussion
At the moment every extension which wants to get the supported label has to pass a security review by the security team. In addition Michael Scharkow has developed the rating functionality within the TER2. Due to some server problems the system is still not online. Some of the extensions get a manually review which is published at the T3N magazin. Discussions about an extended review process and system are going on at the mailinglist of the ECT and the usergroup of Hamburg.
The security team is responsible for every security issues within the TYPO3 project.
Security team on typo3.org
For more information about the security policy and the work of the team have a look at the official webpages:
Contact the security team
Extension Review Team
There is no such team at the moment. Some activity has been recognized among the usergroup of Hamburg, so hopefully the team will be founded within the next months.
Extension security reviews
The security team is responsible for every security issues within the TYPO3 project. One of the tasks are the extension security reviews.
Extended extension reviews
Not active at the moment.
Extension rating system
An enhanced version of the TER2 - TER - supporting user ratings has been developed by Michael Scharkow. A beta version of the rating funcionality can be seen at: