DavidIQ wrote:First off if you've ever sent in your MOD with just a MODX update and a phpBB version update you've likely been denied. We will no longer deny such updates as long as the phpBB version is updated as well. We will not, however accept a MOD update that is just for MODX. We are changing this "unwritten" policy because we realize that there is a drop-down in the MODDB that shows what phpBB versions the MOD applies to and this can only be updated if you submit an update to your MOD. This will also help reduce the constant onslaught of questions about if the MOD works on the current version of phpBB.
This really makes sense, I've always found it kinda annoying that in order to update your MOD for a new phpBB version, that you only could do that by changing the MOD (which in a lot of cases isn't required)
. Just a quick question though, I assume that these kind of updates are pushed to the bottom of the queue, or can you add a note about it in the "Validation Notes" so that the update can be "insta-approved", as there is only a version change it makes sense to allow that as well instead of pushing them into the queue.
Code: Select all
First off all how do you validate remote .js? The file content that is on the remote server at the time of the validation doesn't necessarily have to be there (for example) 3 months down the line. What happens if the remote server goes down and with that break the MOD (or a server/domain/file move for what its worth)
. This is IMHO a *really* bad idea and please don't allow it, by allowing this you'll take away control from the board owner with all the problems that come with that.
DavidIQ wrote:Do we allow remote inclusion of js only from a list of approved sources? If so then what sources would the list contain?
Besides the issues pointed out above (which apply to all remote sources, yes for some more than others)
, I don't think you'll be able to create a valid list of "approved sources". Why would you include google.com/xxx.yy but not erikfrerejean.com/xxx.yy? Because the latter isn't controlled by a multinational? Because the content on my server for some reason is less trustable than something on google's?
, as for controllability (the remote server goes down, my board potentially breaks)