New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Oleg Sychev -
Number of replies: 52

Trying to upload a new version of my question type to the Moodle plugins Directory was a very frustrating experience.

There is some strict evil validator which doesn't allow you to do anything which doesn't suit some top secret rules. There is no link to a wiki page describing them, and the plugins section of the Coding guidelines didn't help either. Looking in the core Moodle code doesn't help either; plugins distributed with Moodle core are free to violate those rules. They are only for 3rd party developers.

But the rules themselves are non-trivial to satisfy, and may as well require rewriting of many parts of code and re-testing of your entire plugin (like table renames etc).

Some examples of how good the process is:

  1. with a new Moodle version you often need several interlinked plugins to work, like a question type and some behaviours for it; naturally, for the convenience of your users you'd want to give them one clear zip file they could unpack and get everything needed installed. It's easy to do - but could you upload such an archive? Of course not! You should bother to upload each plugin separately, and your users are supposed to have the trouble of downloading them separately too! Just the care we all needed...
  2. Do you think you'll find good guidance looking in the Moodle core plugins of the relevant types? No, it's impossible. Moodle core question type tables are prefixed with "question_" but you are supposed to rename your tables in "qtype_xxx" fashion. The same goes for the required version numbers etc.
  3. Oh, of course - I know - Moodle developers - who are working on Moodle full time and get paid for it - are too busy to fix these trivial things right now, they will do it in some near future - maybe in several years. The authors of the validator obviously thought that those lazy 3rd party developers have tons of free time to work on Moodle plugins (well, anyway, why do they do it in the first place while nobody pays them for it?!) - so they should be much more saintly than the Moodle core developers themselves - and start right now...

Was it really so hard to be more polite to your community?! At least to write a page with a clear set of rules and provide a link in the validator? Why should the process be so frustrating and inconvenient? Inconvenient for the authors, inconvenient for the users...

Or it was really a goal of the new Plugins directory to piss some people off? There were way too many plugins in the old Modules and Plugins database. Treating people hard is surely the way to reduce numbers...

P.S. Anyone wondering about my plugin could look at the comments on MDL-29095 - there were some comments from its users there. I'm not just a newbie who hasn't written anything serious but is already complaining.

But why should I care about rules Moodle developers don't care to follow themselves? Why should I care about rules when I couldn't even get a full list of them in one place? Is this the way you treat your community?

Average of ratings: -
In reply to Oleg Sychev

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Mary Evans -

Hi,

I understand your frustration at trying to do something creative and feeling that your every move has been blocked. This tutorial, Development: Themes 2.0 adding upgrade code, although it was written for Theme Developers, may be of interest to you as a Plugin Developer, because Moodle Themes are now classed as Plugins and so we too need to know what requirements are needed, like version.php and all that goes with it.

I hope it helps anyway.

Cheers

Mary

Average of ratings: Useful (1)
In reply to Oleg Sychev

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Joseph Rézeau -

Yes, Oleg, I've been through the "frustrating experience" you mention...

As regards your question #2, see the questions I asked in this discussion http://moodle.org/mod/forum/discuss.php?d=187125 on Sunday, 23 October 2011 and Tim's answers.

Joseph

In reply to Joseph Rézeau

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Oleg Sychev -

Looking in  http://moodle.org/mod/forum/discuss.php?d=187125

"Some time, I will rename all the core question type tables to match the new naming scheme, but I am going to wait until they say something like "to upgrade to Moodle 2.3, you must already have Moodle 2.2", because that gives us a clean break in the upgrade process at which to make the change."

I just admire the way core components could be excused from following rules for a time, but third party components surely could not be excused from anything...

When people with power in society create and enforce laws, but don't follow them themselves, we call it corruption. How should we call Moodle devs' behaviour in this matter?

In reply to Oleg Sychev

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Tim Hunt -

Oleg, the most important people are not the third-party plugin developers like you. Nor are they the Moodle HQ developers.

The most important people are all the site admins who should have a really easy and consistent experience installing and using the plugins from the plugins database.

At the moment, the new plugins database is still very frustrating, but it is getting better gradually. Ranting about it is not going to make it any better. Polite constructive criticism might.

Average of ratings: Useful (1)
In reply to Tim Hunt

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Oleg Sychev -

"The most important people are all the site admins who should have a really easy and consistent experience installing and using the plugins from the plugins database." - well, solving problem 1 in the original post would help site admins in the first place.

"Polite constructive criticism might." - well, it's quite obvious:

  1. put the link to the wiki page listing all rules from the validator (and the necessary information on how to satisfy them) on http://moodle.org/plugins/registerplugin.php - i.e. let people know in advance the laws they should live with;
  2. make all rules only warnings for older Moodle versions (up to 2.1 at least), so plugins written before the validator don't require a DB upgrade and potential breakage just to upload to the new database - but add a message that from Moodle 2.x they will become absolutely necessary - i.e. give people time to adapt;
  3. show a good example by following these rules themselves - if they really are so darn important - it greatly adds respect to the rules if the very people who enforce them are following the rules themselves - and preferably make the rules necessary in the validator only after all Moodle core plugins satisfy them;
  4. change Moodle code to make it easier to adapt - for example, the validator expects you to rename DB tables - did you expect the XMLDB editor could generate upgrade code to do this? Of course it could not!
  5. make the validator accept archives with a subtree of the moodle folder tree to allow distributing several linked plugins at once - that would add to the comfort of site admins;
  6. add GPL to the list of licenses when uploading files - it's strange to read a note about having to license your files under GPL and get no such option when uploading;
  7. make an option to have plugin code in a repository/autozipped link without having to upload an archive manually each time you make an update.

"Ranting about it is not going to make it any better." Well, if I choose ranting between ranting and giving up sharing through moodle.org - that's only because of messages from people who are using my question type already and relying on it. It's actually not hard at all - just not to share. I could really have given up if that was my first experience of uploading my plugin to moodle.org - and I wonder how many potential Moodle developers would do the same.

I do not think polite criticism has much chance of making anything better, having been accustomed to Moodle for some time (well, you could always try to prove me wrong in this matter). I also consider an option of satisfying all requirements, then deleting the plugin from the database and sharing it apart from moodle.org as a form of unrest against such a rough introduction of these rules. I guess it would lessen the number of users, but since I'm still not getting much back from them, it's probably OK.

Average of ratings: Useful (3)
In reply to Oleg Sychev

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Marcus Green -

Oleg, I'd rather you rant than go away. I was thinking the other night that there is a danger people may start to share plugins via Github instead of the database and that would be worse for everyone, not least for the less experienced admins who are not comfortable with that approach.

In reply to Marcus Green

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Tim Hunt -

Well, yes, ranting is better than going away, but trying to be polite first is not hard (though even I fail sometimes) and is only courteous to the rest of the community.

Sometimes it can be quite cathartic to type out the ranting forum post, but then you need to delete it and rewrite it in calm language.

Average of ratings: Useful (1)
In reply to Tim Hunt

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Oleg Sychev -

Well, Tim, if the new plugins database was introduced in a courteous way, there would be no ranting in the first place.

I know of three ways to answer an uncourteous action that have some chance of being effective: uncourteous words (i.e. ranting - to make it known you are really enraged and may do something), uncourteous action of your own (that's a destructive one I would not like to resort to) and a (maybe temporary) break of connections.

The two that are not effective are courteous words (usually just ignored?) and threatening a breakage without doing one. If you would suggest a better way, I may adopt it. To be polite and do the same when your rights are violated is not a good way.

"At the moment, the new plugins database is still very frustrating, but it is getting better gradually." For now I decide to follow the rules, but not to use the Moodle Plugins Database. I may reconsider when it actually "get better".

In reply to Oleg Sychev

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Mary Evans -

Hi Oleg,

It is also courteous to answer a comment too, however insignificant it is in your eyes. I was the first to answer your original post here, thinking, mistakenly perhaps, that you were not familiar with the way the Plugin Database works. However, whilst you still rant and rave about YOUR feelings you disregard those of us who feel just as aggrieved by what amounts to your ill mannered ways.

It would have been nice to have at least acknowledged "my post" too!

Cheers

Mary

In reply to Mary Evans

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Oleg Sychev -

Oh, Mary.

I'm really sorry - being a bit overworked and having limited access to the Internet, I forgot to thank you for your most useful link. Please forgive one ill mannered man. None of my ravings were against you...

I hope my last posts - both there and in the other discussion - are less ill mannered and discourteous than the first one was. I could be most cordial when getting estranged from people or community. I just hoped to avoid it. Do you think I ought to just start from http://moodle.org/mod/forum/discuss.php?d=184421#p836324 which I hope you wouldn't call raving at all? Or maybe just silently do that? What do you think?

P.S. If it was my first upload of a plugin I would probably just silently give up on sharing at all and use it internally. I wonder how many people have actually done and would do the same...

In reply to Oleg Sychev

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Mary Evans -

Well Oleg,

I had the same problem when updating a theme, and the Plugin Database validation committee said it could not be updated, and so I ranted and raved at my computer... Then I posted a question in the theme's forum I think, and was told that I did not need to add any version.php or install.php as it was only a theme, and yet themes are now classed as plugins. So where is the logic in that. It either is or it isn't. So in some respects I have been there where you are...albeit from a different view point.

What is not clear, from HQ, is that although there are lots of interesting things happening to Moodle, and yet the people like you and me who are trying our best to make Moodle better seem to be overlooked thinking that we use ESP to get information about what is new and how these new things work, like the Plugin Database, and what Guidelines (if any) are available and from where.

It has not helped either by the way the Moodle Docs have been moved and re-vamped. Searching for up-to-date information has become, in some ways, ever more confusing, with the Moodle docs versions 19, 20, 21, 22, and dev where all the documents seem to say the same thing regardless of version.

I too, get frustrated and angry with some of the things happening to Moodle, but I learnt the hard way to keep my comments under control in forums many years ago when I kept getting banned for my outspokenness.

The fact is Oleg, if you are busy and trying to do what you are doing for the benefit of others, and you are stopped by protocols which you have no control over, you either give up and accept defeat, or you go and protest. If you feel strongly enough about things which need changing, then protest to the right people who can change these things, don't rant and rave here on the forums as it is a waste of time, as all you do is create more angst within yourself, which is negative energy and bad for you.

So think positively and perhaps start by creating a (community) tracker issue regarding the Plugin Database and ask for an improvement in the way it works, and also some clarity for its users, based on what you have said here.

I hope this makes sense?

Cheers!!!

Mary

In reply to Mary Evans

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Oleg Sychev -

Well, Mary.

These ethics rules are so society-dependent... Around where I live, passionate speeches you called ranting are a correct way to tell your superiors that they are pushing you over the edge. If you would be polite everyone will assume that your complaints don't really matter. (I have even been in places where being polite not only seems a discourtesy to the society, but is outright dangerous for you.) It seems to be getting another reaction there, so it was a mistake.

I protested. That also has its consequences. I could give up ranting for just a polite answer from Martin. I couldn't give up protest action without getting some results (please vote for the issues I filed if you like them - see prev. message). If my protests would be ignored, I should avoid using the new Plugins Directory - maybe forever. That's why I prefer ranting in the first place.

P.S. I know pretty much about handling "negative energy", having been in need to deal with vast amounts of it. I usually rant more as an actor on the scene - to get attention for the problem and give some humour too - than with serious emotions.

In reply to Oleg Sychev

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Tim Hunt -

I suggest you learn a fourth way of dealing with uncourteous behaviour (or, at least, behaviour that seems uncourteous to you): Reply with courteous words and actions.

We need to be the change we wish to see in the world. -- Gandhi

In reply to Marcus Green

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Itamar Tzadok -

Imminent danger. The irony is that the plugin repository is, as Martin put it, "for people who want to deal with known stable releases, not bleeding edge code" (my emphasis), and yet in many respects is itself more "bleeding edge code" than a stable release. Moreover we have been "welcome[d] to point experience users to [our] git repository (we have fields for that)".

In reply to Itamar Tzadok

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Oleg Sychev -

Well, yes, Itamar - these people give us much less stable code to use while forcing our code to be saintlier than the Pope.

In reply to Oleg Sychev

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Martin Dougiamas -

Hi Oleg,

Thanks for posting your frustrations.   Many users also have frustrations using old or incorrectly-written (and sometimes very dangerous) plugins too, which is the main problem we are trying to address.

It's by no means perfect yet, but I switched to the new system already because I thought it was important to have something that we could ALL criticise and work on and improve, so thanks for your feedback.  

I want this to be a really high-quality and reliable database that we can base automatic upgrades on later, that's the main reason why we have the validation process. Modules that do not conform can still be used and published elsewhere, but this database needs to have a high standard to avoid problems in the future. The automatic validation gives this guarantee while also speeding up the initial approval process for new plugins (even so, there are currently 19 plugins with OTHER problems keeping them from being approved).

A few thoughts:

Firstly, the same rules do apply to everyone.  All of the plugins in core have been upgraded quite a lot since 1.9 to make them conform, and this is an ongoing process.  Nothing new gets into core without conforming.  And quite a few of the core developers have also posted their own non-core plugins to the database.

Secondly, yes, our dev documentation sucks. So much so that we have started an internal project at Moodle Pty Ltd which will devote all our developers for all of January 2012 to rewriting the entire Developer Docs to make them useful, clear and relevant. There are three main legs to this:

  1. new overviews and introduction docs,
  2. detailed consistent API docs, and
  3. an overview/howto for each type of plugin (there will be links to these from each category in moodle.org/plugins)

Thirdly, plugin dependencies were something we added in 2.2, and the Plugins database also supports Sets to link groups of plugins together.  I think it makes sense that developers enter and describe them individually, but something to download a set at once would be a good feature, I think.

Fourthly, we require the code to be uploaded to the database to make sure that we always have the exact bytes that are being rated, evaluated, talked about etc.  It's like apps in an apps store.  Links to auto-zips are just too prone to security problems, regressions and download problems.  It's better for users that you have a defined release process, especially once we have the "Check for updates" feature in Moodle 2.3.

Average of ratings: Useful (5)
In reply to Martin Dougiamas

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Ray Lawrence -

Martin,

All of this is great news. Many Moodle users look at this database and assume that all is well and it's safe to install add-ins. Although I can understand there are frustrations in this stage of the development of the facility, it's definitely the way to go IMO.

In reply to Martin Dougiamas

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Oleg Sychev -

Hi, Martin

Many thanks for a long and detailed reply. However, sadly it quite misses the point.

If you read my posts, you should understand that I have nothing against the restrictions themselves (apart from them being the easiest to check, not the most important ones to check) - only against the way they were introduced. Give me tools and docs first - and I would be happy to conform with whatever reasonable restrictions you set in the next release of all my plugins. But conforming to the rules now while waiting for the necessary docs and tools is much harder.

The rules do not apply to everyone in case of legacy code. Legacy code in Moodle core was allowed to not follow the rules, but legacy code in plugins isn't. That creates two practical problems (aside from ethical ones).

First, some of the required changes may break almost any area of a plugin and require thorough re-testing - which is a highly undesirable change just before release (when you usually upload your code and get an error). That would not be a problem if you got a warning that this will be absolutely necessary starting from the next Moodle version.

Second, there is a certain rule the core shortanswer question type breaks that isn't in the validator yet. My plugin inherits code from shortanswer (not a copy, but real inheritance of several classes for easier merging of upstream changes) and so inherits breaking this rule. What am I supposed to do if my plugin is rejected due to this?

Actually all that would be not much of a problem with two simple moves:

a) people could read the complete list of rules they should conform to while still developing, not when already submitting a release;

b) the validator would give only warnings (for the adoption period of the new Plugins Directory software), leaving a human from Moodle HQ to make real decisions in particular cases, hearing appeals from plugin authors. I would fix any errors the validator gave me lightning fast if any user of mine reported a problem due to it. But being rejected by software with no real reason and not knowing the requirements in advance is another thing.

Having a) and b) fulfilled is very easy. Even if you do just this, I will rethink my decision about avoiding using the new system - I still regret having to make it.

But really, Martin, what reaction do you expect from people when setting the validator as a total necessity to be able to just upload something and get attention to it - when you know well that "It's by no means perfect yet" and "dev documentation sucks"?

P.S. I fixed all validation "errors" in my code and made sure it passes to the next stage in the new database - I just clicked away in protest and placed the code in the old database instead (you may look at it or ask Tim if you want to know the quality of my code).

In reply to Martin Dougiamas

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Itamar Tzadok -

Could you list the 19 plugins with OTHER problems keeping them from being approved, as well as the problems? It should be an instructive exercise. Firstly anyone may encounter such problems, and secondly someone may be able to help resolving a problem preventing a plugin from being approved and allow releasing the plugin to the community.

Let me cite one of these OTHER problems just for fun:

I vaguely recall some concerns about the code and want to make sure we get things ironed out well at the beginning so that things can go smoothly.

(my emphasis)

I vaguely remember this note because it was 2 months ago.

In reply to Itamar Tzadok

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Dan Marsden -

My vote would go against allowing 'legacy' code to be added to the plugins db... That is what our "legacy" modules & plugins db is full of and it's not easy to navigate or find relevant/up-to-date code....

IMO If people want to add to the "new" plugins db - their latest version MUST comply with the new guidelines (good to hear MD's commitment to improving the docs around this though)

I've just submitted 3 of my plugins which didn't comply initially and although it was semi-frustrating that the validation rules weren't easily publicised/documented somewhere I understand this is a "new" process and early adopters of any technology are likely to encounter problems.

Of course - once I had uploaded my 'new' compliant 2.x code, nothing stops me from adding links to "legacy" code versions in the description of the plugin. If I was really concerned about the stability that my recent changes introduced I could also post a link to an "older" version of the package - github makes this really easy.

So although it may be initially frustrating I can see a LOT of really good advantages to the process - relaxing the "rules" will make the content in the database less useful for a range of future plans (which look quite promising) - it will be really interesting to see how the review process comes in!!!

In reply to Dan Marsden

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Marcus Green -

The new database and its validation seems an excellent idea. However it would be good if when a developer uploads there was some warning or links to what is about to happen. Some of the feedback came as a surprise to me. A fairly pleasant surprise really as I like the idea of such a system, but a surprise all the same.

Actually my block (Google Adsense) is pending approval. I re-uploaded it as a new version based on feedback, could someone with the magic take a look, Anthony?

In reply to Marcus Green

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Itamar Tzadok -

The automated validation of the new plugin repository is indeed a good thing. But the per plugin manual approval is not only ineffective but also a very bad idea, to put it mildly. It confuses the review process with the repository and creates an unnecessary bottleneck in getting contributed plugins to the community. Initial manual approval of the contributor on first contribution is reasonable. But any contributor who already has an approved plugin in the repository should be regarded "trusted" for this purpose. Tim's definition of "Moodle developer" could be instrumental here. If the facilitators can't help being over-protective they can sample contributions and contact contributors with requests for clarifications or modifications. This way, first time contributions are likely to be reviewed and approved much faster.

In reply to Itamar Tzadok

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Dan Marsden -

Hi Itamar - disagree pretty strongly on that one myself - especially as it isn't a change to the existing process - the old M&P required approval for each plugin.

We still need "someone" to run their eyes over the code submitted to make sure it is actually a real plugin and not some weird bit of Spam or something that doesn't actually do anything and doesn't just duplicate an existing plugin.

You'd be surprised how many times I've deleted spam SCORM packages uploaded to the SCORM repository that would pass an initial validation check (they are valid SCORM packages) but when loaded in the browser the packages just included redirects to an external site. It could be easy for someone to upload a "valid" but "rubbish/spam" package.

In reply to Dan Marsden

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Itamar Tzadok -

I don't think there is any substantial disagreement between what you say and what I've proposed (with one exception; see at the end). To quote myself:

"Initial manual approval of the contributor on first contribution is reasonable."

I doubt that there will be many cases of contributors who make the effort to pass the initial approval with a true plugin just to spam the repo. And in any case, the facilitators should be able to block such a spammer.

I do object, however, to the reasoning of "it isn't a change to the existing process - the old M&P required approval for each plugin". By the same reasoning we should have stayed with Moodle 1.9.

In reply to Itamar Tzadok

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Dan Marsden -

Personally I would still prefer to have a real person actually check/validate a plugin - I wouldn't be surprised to see a developer submitting the same plugin more than once. - one for each "version" ...

In reply to Dan Marsden

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Itamar Tzadok -

That's fine. It may still be reasonable to allow Moodle developers to ask the facilitators to check/validate them on a plugin basis. I'm pretty sure that other Moodle developers would be as reliable with only one initial check/validation.

In reply to Itamar Tzadok

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Martin Dougiamas -
Picture of Core developers Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers

Just as a note to make sure everyone is on the same page: currently the human approval process is only required for the very first time a new plugin is added to the database.   (Anthony Borrow has this job).

I think this is necessary.  It's trivial for anyone to download a plugin, change all the names and re-upload it to the database (for example).  perhaps including some virus or spam, or something more sneaky.  Book+ module, anyone?  Yeah, sounds awesome!

Unlike the old M&P database, subsequent versions of a plugin do not require human approval.  This is to maximise convenience to developers, so you can release new versions instantly now and make updates any time.  But they are labelled as updates and we have full history on all changes in case problems come up.

Average of ratings: Useful (2)
In reply to Martin Dougiamas

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Itamar Tzadok -

Sorry for the persistence but it's as trivial for anyone to upload a new version of an approved plugin, perhaps including some virus or spam, or something more sneaky. This just can't be the reason for insisting on a per plugin human approval instead of first contribution human approval. smile

In reply to Itamar Tzadok

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Marcus Green -

I was listening to the Guardian Technology podcast

http://www.guardian.co.uk/technology/series/techweekly

And this has apparently been happening in the world of Android. People create a moderately useful and non-malware app and it gets widely downloaded. Then they produce version 1.1 and large numbers of phones are owned by the bad people.

While it may seem unlikely to happen to Moodle at the moment it is not impossible.

In reply to Marcus Green

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Oleg Sychev -

I don't think this manual approval is going to be particularly effective in preventing malware code at all. For example my question type contains two custom implementations of regular expression matching - and I heard of even more complex code in some plugins. I'd like to see who is going to examine all that code carefully and determine whether it contains malware, security risks and serious bugs or not... It is very likely to be a formal inspection, revealing only a slight portion of the dumbest attacks or security errors.

So I'm not particularly sure this process gives us more benefits than harm. Such problems could be solved on another basis, using reviews (from good experts for popular plugins maybe), instead of blocking plugins at all without approval, which tends to make approval very superficial in nature.

In reply to Oleg Sychev

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Matt Gibson -

A good solution here may be to set a reputation based barrier for unmoderated approval so that only trusted community members can add code without review.

People could earn trust over time e.g. by posting lots of useful forum stuff or being a moodle.org user for X amount of time, or having submitted X previous known-good plugin versions, or some combination of all three and more. This is a model that works well for stackoverflow.com whereby people who have made many useful contributions to the site gradually gain more admin privileges automatically. This is a big investment of time and effort and would be an effective deterrent to would-be spammers/malware pushers.

Average of ratings: Useful (1)
In reply to Matt Gibson

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Marina Glancy -

Hi Matt,

there is already a role on moodle.org, something like 'Trusted contributor' and these users are allowed to upload plugins without manual approval. 

In reply to Oleg Sychev

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by sam marshall -

Manual approval, if done properly, will definitely prevent some malware. In order for malware to be effective you have to create something that people will want to download. There are basically three options for this:

1) Actually create a useful plugin that works.

2) Pretend to create a useful plugin (in the name, description), but in fact once you install it just does malware stuff.

3) Copy an existing plugin (so that it is useful and works) and modify it to add malware, giving it a name like 'Book+'. (This is the usual approach on Android Market, for example.)

Options 2 and 3 should be spotted by manual inspection.

If you are willing to go to the effort of creating a new and genuinely useful plugin just to distribute your malware then this might well slip by, but most malware developers are not in that position. You would have to be pretty careful to slip your nasty code (the bit that uploads the user table to a remote server, or whatever) into a place where it won't be spotted with a 'glance' type of code review.

--sam

In reply to sam marshall

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Itamar Tzadok -

The whole question is whether 'done properly' is properly defined.

I doubt the implied effectiveness of a 'glance' type code review. The fact that any software constantly contains bugs and even security bugs in core components goes to show that even a thorough type code review is never effective enough. And indeed all this software comes with disclaimers.

The situation here is no different. No approval procedure could be effective enough (not only due to lack of resources which will always be in effect). It remains the responsibility of users which plugin to download and install.

There should be one initial phase of human approval of a contributor after which the contributor can upload to the repository any contribution that passes the auto validation.

The repository facilitators can establish any procedure they see fit for including a plugin in the automated updating system (and even then they will not assume responsibility for malware missed by the procedure). smile

Average of ratings: Useful (2)
In reply to Dan Marsden

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Oleg Sychev -

There should be some way around waiting for approval for existing, well established and widely known plugins - there are a lot of these and I don't think Moodle HQ could process/approve them all fast. Itamar was right about the bottleneck.  Maybe there should be some way to bypass the usual validation - like having a Moodle Partner voting for your plugin (or maybe a big University which you aren't affiliated with).

For example I have a Moodle Partner asking me for a 2.1 release of my qtype on behalf of two unnamed "big universities" as not having it for 2.1 "is quite a blocker" for them - that's not counting other people asking for a new release - am I and all of them supposed to wait for release along with newbie plugins until some people from Moodle HQ take time to look at my code? When it's already run in production mode with hundreds of students?

Average of ratings: Useful (1)
In reply to Martin Dougiamas

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Jean-Michel Védrine -

Hello Martin,

Like Oleg, I am working on question types.

I understand the change from question_ to qtype_ table names was done for good reasons. It causes no problem for NEW question types but for 3rd party developers with EXISTING question types it is a nightmare. The best proof of this is that Tim was not able to do it for core question types wink !!!!!!!!!!

I simply can't do it and maintain old and new versions of the question types, I simply don't have the time to do so. But rather than "ranting" in the forums, I choose not to rename my tables, and not to submit any of my question types in the new plugins database. After all Moodle users wanting to use them can find the zip files I submitted in the forums or send me a mail. smile

In reply to Jean-Michel Védrine

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Dan Marsden -

it shouldn't really be a nightmare.... it can be a bit of work searching through places where you refer to the old table name, but with a good IDE this should hopefully be relatively quick.

The upgrade code to change a table name is pretty easy too, here's the patch on one of my plugins that involved a db name change to pass the plugin validator - this change took me under 15min and then a bit of testing to confirm I hadn't missed anything.
https://github.com/danmarsden/moodle-plagiarism_turnitin/commit/6b9c3febd0bed1eb3e0c93c4cd009cffc71412c8

In reply to Dan Marsden

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Marina Glancy -

+1 to Dan. Changing table names would have taken less time than it was spent here on discussing.

+1 to Oleg, we should write a document on our validation rules. And we will shortly! Thank you for such detailed feedback smile

In reply to Marina Glancy

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Jean-Michel Védrine -

"Changing table names would have taken less time than it was spent here on discussing."

Completely wrong angry Please Marina, don't say that without knowing the question types I am working on. I have many question types to do (including some very complicated ones) so this is certainly not a simple search and replace but many search and replaces. Additionally I must include the time to verify I didn't break anything in each plugin and that the upgrade procedure is working in each plugin. And contrary to many people posting in this thread I don't do this for money (never earned a single $ with my code), just as a service to Moodle users.

I think my messages in this thread were polite and didn't include any ranting but I don't like when people think they know better than me about my work and code. angry

In reply to Jean-Michel Védrine

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Jean-Michel Védrine -

I will spend some more time to explain what would have been the good solution IMHO to this problem.

Allow for now questions types plugins both with question_ and qtype_ tables' names in the plugin database

Write somewhere (in the very needed "rules for validation") the rule that this change will be mandatory for Moodle 2.3.

Simple and effective !!

In reply to Jean-Michel Védrine

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Tim Hunt -

Yes. The system should be more relaxed about qtype plugins. I created MDLSITE-1621.

However, I don't think it is fair to expect Marina to know all the historical idiosyncrasies of all the 30+ different types of Moodle plugin - at least not yet. I expect she is learning fast wink

Average of ratings: Useful (1)
In reply to Marina Glancy

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Oleg Sychev -

Hi, Marina 

"Changing table names would have taken less time than it was spent here on discussing." - changing a table name may be easy, making sure nothing is broken by the change takes much time. That's why it is very desirable to do this when you are starting a new development cycle for a new version - with plenty of time to spot possible bugs and regressions - instead of at the time when submitting a working release.

I've created MDLSITE-1622, MDLSITE-1623, MDLSITE-1624, MDLSITE-1625 documenting necessary changes.

P.S. You're welcome smile It's nice to see familiar speech heart, though I've somehow gotten used to English here - I even once wrote a complaint in English to the Russian translators big grin

In reply to Oleg Sychev

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Oleg Sychev -

I don't understand Marina resolving feature requests MDLSITE-1625 and MDLSITE-1623 right away with the strange resolution "Not a bug".  surprise

Martin said MDLSITE-1625 is a good idea on the forum, two people voted for it right now - and then it just got resolved, instead of being left open to gather votes etc.

Should I take these resolutions as "We aren't going to solve this at all!!!"? I could see no other interpretation of such action (unless Marina isn't accustomed to the tracker).  As Marina is ignoring my comments on the tracker, I should ask it publicly in the forum.

Second question is - do we have a public read-only repository of the Moodle Plugins Directory code? As it heavily interests developers in the first place, I think we could help enhancing it if needed. But first we need to have access to the code...

In reply to Oleg Sychev

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Marina Glancy -

Oleg, MDLSITE-1623 will not be fixed. I will deal individually with particular validation exceptions like "question" prefix. 

I talked with Martin about MDLSITE-1625. We might do it but not in the near future. It just saves the user a couple of mouse clicks but is a lot of work for us. There should be a workflow proving that particular versions of plugins do work together. If it makes you happier I can reopen the issue but don't expect it to be implemented soon.

Source code of the plugins database is also not likely to be open in the near future. I attached the source of the archive validator to MDLSITE-1622 and will write the dev doc this week.

Average of ratings: Useful (1)
In reply to Marina Glancy

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Oleg Sychev -

Marina, it would be better to reopen MDLSITE-1625 and not only to keep me happy. It's a usual thing for a request that would be implemented some time (years or something) later to remain open in the tracker. For one thing it allows people to vote for it, showing their interest. It also reminds all involved that the request still persists and has to be dealt with some time.

It is also not such a trivial matter for the users. Even if it requires several clicks and there is a packet which brings links close, there would always be some users that don't install all needed plugins - don't read docs or something. And they get frustrated and write to the developer (or just abandon the plugin as buggy) and developers have the not very exciting task of describing to each such person what they need to do. This is quite a bother for both users and developers, so it's much easier when you distribute something in one package. (Try distributing Moodle on a per-core-plugin basis and you'll learn this soon enough wink ).

It may be easier not to modify the validator though, but create such packages inside the Plugins Directory from individual ones for the packet. It may be both easier and safer to do this (quite easy since you already have all the files, just generate a zip with the needed subfolders for the packet). For such discussion of how better to implement it we also need the tracker issue open.

As for sharing code, it's up to you - either share and get help or write it all yourself.

In reply to Marina Glancy

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Oleg Sychev -

Marina wrote,

"Oleg, MDLSITE-1623 will not be fixed. I will deal individually with particular validation exceptions like "question" prefix."

OK. But if you are going to deal with such exceptions individually you surely want people to know it is you whom they are supposed to contact about such cases?

I have rewritten MDLSITE-1623 to place a description and link on the plugin upload page saying whom people should contact if they have trouble with the validator or think they have a reasonable exception case.  It's not hard at all, could this please be done?

In reply to Dan Marsden

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Jean-Michel Védrine -

Hello Dan,

I disagree.

Changing a table's name is of course doable but I am not a developer, I am only a poor teacher with so many things to do and so little time to do them. Additionally after doing the change you must verify that you didn't break anything and "confirm you hadn't missed anything".

Given the choice between (for instance) :

  • the boring and uninteresting task of changing question tables' names (that is algebra, formulas, jme, dragmath, ...)
  • working on solving MDL-25492 which despite being labeled as moodlerooms, partner, triaged, ... was not worked on by anybody at Moodle HQ for years

I clearly choose the 2nd wink

Maybe I am wrong but I think Tim has exactly the same position: contrary to what I said in my previous message the problem isn't that he was not able to do this change, but that given his workload he thinks that he has a lot of more interesting and more important things to do and that is why he said "Some time, I will rename all the core question type tables to match the new naming scheme, but I am going to wait until they say something like "to upgrade to Moodle 2.3, you must already have Moodle 2.2", because that gives us a clean break in the upgrade process at which to make the change". I could not have said it better big grin .

So I will stay on my position and not submit my question types. But of course if it is such a simple task, anybody wink is free to take my files and make the change big grin after all this is how open source works !

But again I think the decision to make the change to qtype_ tables' names mandatory TODAY rather than waiting was very unfortunate sad.

In reply to Jean-Michel Védrine

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Dan Marsden -

Hi Jean-michel,

in terms of 'qtype' vs 'question' - I agree it would have been nice to have done that a bit earlier and better documented! - MD agrees above too: "our dev documentation sucks" - looks like Tim has submitted a bug to adjust the validator rules a bit which is great!

Are your plugins already in github? - perhaps someone might even volunteer to help with the change - it's a lot easier for others to contribute if it's in github - you can fork code, make changes and submit a pull request to the original author - then you can look at the code, comment on it, or just hit a big "merge" button and have it update your codebase.

if you're using github - please give us a link!

In reply to Oleg Sychev

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Davo Smith -

I've been reading the discussion here with some interest and thought it was about time to add my own contribution, which is to make a start on the documentation which so many people seem to be asking for.

I've only spent 20 mins or so on it and it is just the rules I can remember off the top of my head, so there are probably mistakes (and certainly omissions). But if everyone adds on the bits that they've discovered (or the developer of the validator jumps in and helps out - I'm afraid I can't remember which developer wrote it), then we should have it finished pretty quickly.

The entry is here: http://docs.moodle.org/dev/Plugin_validation

Davo

Average of ratings: Useful (6)
In reply to Davo Smith

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Marina Glancy -

Davo, thanks A LOT for creating a document! I will update it with other validation rules that the plugins database uses and we will link to it from the 'Register new plugin' page. MDLSITE-1621 will be fixed shortly.

In reply to Oleg Sychev

Re: New Moodle Plugins Directory: maximum validation and minimum convenience. Why?!

by Onno Schuit -

Hi,

Would it be possible to show the backlog of plugins waiting to be approved? This would give developers an idea of how busy the person doing the approving is.

Right now I'm waiting for my own local plugin (Soda) to be approved, but I have no idea what the status is. And of course I can't wait to see it appear in the plugins directory. wink Hence the suggestion.

Cheers,

Onno