JED Team Meeting Notes - 4th December, 2015
Today the Joomla Extensions Directory (JED) team met at 6:00 AM (GMT -8) via Glip to discuss our progress of current tasks.
Statistics for the month of November 2015:
Listings: 183 Submitted 155 Approved
Tickets: 304 Submitted 304 Processed *wipes sweat*
Reviews: 883 Submitted
JED Template Updates for http://extensions.joomla.org
The template updates for the Extensions Directory is almost ready to launch. A final meeting will take place with Markus and Miron. It has been tested and working. The next step is to put it on our development domain for a quick look and then pushed to our live server.
Joomla Extensions Directory Contributor Agreement (JEDCA)
After almost 5 months of going back and forth via processes/updates, we finally have an approved JEDCA as of yesterday. Our lawyer has been very quick to respond and made the process quick towards the end. What does this mean for Joomla? It means we are one step closer to having contributors work on the JED.
The next step is getting our JEDCA set up on EchoSign and embed into the website, so contributors can easily open up a page and click “Sign”.
The Joomla Extensions Directory will be open source. Originally we planned to only have a select few work on the JED, but realized that’s not enough people to rely on. If we let the JED be open up to the public, our pending Issues and Features list would be implemented at a much faster rate, which will be much more beneficial to the users as well as the extension developers.
Steps to gain access:
Post on the issues you want to fix
Tessa or Matt will increase your access in our repo to “Write”
Be sure to check the Vagrant config file to replicate the JED’s system requirements
Overtime we want to work on making the contributor process much easier.
Anibal is working on an announcement on a “Call for Developers”. An in depth explanation of the contributor process for development and testing will be explained. You will find information on this on the JED Blog as well as the developer.joomla.org announcements.
To gain access to the developer chat, send an email to tessa.mero (at) extensions.joomla.org. You will see important tasks to the right, and we will discuss general issues there. (Specific issues will be discussed within Jira). Also, Jira integrates with our chat system, so you can easily see new issues and replies to issues right in our chat system.
JED Dummy Data
Angel has finished with a copy of the JED database and put dummy data/sample user emails in it for the public. The purpose of having dummy data in the database is to keep user information private and to have only enough information for testing bug fixes.
We discussed how useful the NewRelic subscription has been and will be continuing usage of it. NewRelic has been useful for the JED team because it has been monitoring application and server performance. It has really helped point out where the performance issues are at and we’ve been able to spot out problems quickly.
Email Relay Service
We discussed if we should use Mandrill or look at other options, such as SendGrid or sendy.co/Amazon SES. We will continue conversation in an existing Jira issue to make a decision.
JED Website Performance
This has been a heavy topic and the JED team is taking this in priority by looking in depth into ways to increase the JED overall.
Tessa Mero and Markus Bopp will be in charge of keeping the Jira issue tracker cleaned up and organized. Often we get duplicate issues or unnecessary issues posted.
Jaz Parkyn and Luca Marzo have been working hard on a document to completely improve the JEDChecker system. It will soon get a development overhaul. The purpose for the improvements is to increase code quality and security measures on the submitting listings to the directory.
Here is a list of suggested improvements, but only under discussion, as we are taking any feedback from the community:
Improved colour schemes and UI, use bootstrap colours
Checks of the uninstall script, compared to the install script, to ensure that when a user uninstalls an extension that all of the extension’s files and database tables are removed correctly
Ability to read en-GB language files for install name (not 100% sure how this would be done, maybe find path to language file from the xml file, and extract the line that matches the name tag. It would also need to determine whether or not the name had been hard-coded, if not, check language files. Also not sure how this would work for extension specific listings.)
Flag words that are not permitted in extension names (eg. component, module, plugin, free etc) - NM3 Error Code
Flag the word Joomla. TM2 Error code
Version numbers in name - NM5 error code (flag all numbers found, require manual check)
Code quality checks - http://joomla.github.io/coding-standards/
Detection of hidden files and folders
Detect if remote files are being loaded - new error code EXT-CALL (require manual check)
Check if uploaded file is actually a zipped file - all other file extensions should be rejected
Improve the security of uploads.php so that the user input is sanitised and cannot be manipulated (uploads.php line 77 if (!JFile::upload($file['tmp_name'], $file['filepath'], false, true)) - The final true parameter ensures that file checking is turned off, so there is no sanitization of the file input regardless of the Joomla version. A much better way would be to set the safe file options appropriately, so that JFilterInput::isSafeFile() checks for .php extensions when JFile::upload tries to upload the file.)
Future Meeting Reports
I’m going to expect by the next JED team meeting report, I can start adding a list of major bugs/features that get fixed/added to the JED.
Please, if you find a bug or have improvement suggestions, please find the issue on our Jira Issue Tracker. Your opinion could make a significant impact on the Extensions Directory.
The next JED team meeting will take place on 24th December, 2015 at the same time.
Previous JED Meeting Reports:
Team Meeting: 25 September, 2015
Team Meeting: 28 August, 2015
JED Team Summit: May, 2015