Why oh why

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Get Involved
Tread
Registered User
Posts: 39
Joined: Thu Nov 14, 2019 9:52 pm

Why oh why

Post by Tread »

I'v seen a few posts advising members not to install extensions from other sites but here phpbb.com can i ask why ?

Have some of the extensions here been installed and tested ? i figure they have not as some are just plain crap but others get turned down from here and released on other sites and are pretty smart.

It would seem if your name dont fit you get turned away from here.
User avatar
thecoalman
Community Team Member
Community Team Member
Posts: 3789
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.
Contact:

Re: Why oh why

Post by thecoalman »

Time for some history.

During the phpBB 2 era it was the wild west and you could pretty much just post a mod. Bugs and security issues were addressed by the community. phpBB2 itself suffered from a bad reputation for security and that was compounded with a lot of mods that created their own security issues. Other issues including support where the mod was causing an issue that wasn't easily determined or in a few cases they made such large changes to the database it was difficult or impossible to move forward with an upgrade. It's fine if you understand the risks or complications which also means you know how to fix it but most people using this software don't.

One focus of the lead developer AcydBurn for the original phpBB3 was security which lead to three things. First they went back and fixed many problems in phpBB2 while phpBB3 was still under development. Second phpBB3 has outstanding track record for security because of that focus. Lastly they implemented validation of mods which are now called extensions. This helps insure their security, helps prevent any unforeseen issues with support and going forward with updates/upgrades.

The downside to this is some third party developers of extensions may not want to go this process. That doesn't mean there is something wrong with their extension but it doesn't mean it's right either. If you download something from here you know it's been reviewed and gone though the validation process. If you want to install extensions from other sources you are free to do that but just be aware there are potential risks and complications. You don't want to be the guy trying to upgrade phpBB2 to 3 only to find out there is no upgrade path because of that mod you installed a few years back.
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”

Attributed - Thomas Edison
User avatar
warmweer
Jr. Extension Validator
Posts: 4821
Joined: Fri Jul 04, 2003 6:34 am
Location: Van Allen Bel ... gium

Re: Why oh why

Post by warmweer »

thecoalman wrote:
Thu Jun 18, 2020 10:36 pm
...That doesn't mean there is something wrong with their extension but it doesn't mean it's right either. If you download something from here you know it's been reviewed and gone though the validation process. If you want to install extensions from other sources you are free to do that but just be aware there are potential risks and complications.
Probably worth mentioning that extensions validated on phpBB (and downloaded from phpBB only) are tested thoroughly (code wise and usage) and won't create an invisible account that could take over your board. Any external and unvalidated extension could in theory include the creation of a user allowing highjacking (or defacing) of your board.
Spelling is freeware, which means you can use it for free.
On the other hand, it is not open source, which means you cannot change it or publish it in a modified form.
Tread
Registered User
Posts: 39
Joined: Thu Nov 14, 2019 9:52 pm

Re: Why oh why

Post by Tread »

Well i guess this one got missed yes it's in the dev section but i got it from here viewtopic.php?p=15355981#p15355981

I am no coder but i can see this is a mess and i and many other's would have thought a staff member would have checked it out.
User avatar
warmweer
Jr. Extension Validator
Posts: 4821
Joined: Fri Jul 04, 2003 6:34 am
Location: Van Allen Bel ... gium

Re: Why oh why

Post by warmweer »

Tread wrote:
Thu Jun 18, 2020 11:56 pm
Well i guess this one got missed yes it's in the dev section but i got it from here viewtopic.php?p=15355981#p15355981

I am no coder but i can see this is a mess and i and many other's would have thought a staff member would have checked it out.
It's in DEV, not even RC so ... (and I don't know the author but everyone has to start somewhere, anyway, a RC is "use at your own risk", a DEV is "use at your own peril" 8-)
Spelling is freeware, which means you can use it for free.
On the other hand, it is not open source, which means you cannot change it or publish it in a modified form.
User avatar
EA117
Registered User
Posts: 1693
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: Why oh why

Post by EA117 »

Perhaps also take a peek at Extension Development Forum Rules for an idea of what goes on in the "Extensions in Development" forum you linked to for the "Sidebar" extension.

When "a validation process" was indicated earlier, it was in reference to extensions submitted for download from https://www.phpbb.com/customise/db/extensions-36
User avatar
david63
Registered User
Posts: 17976
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Contact:

Re: Why oh why

Post by david63 »

Tread wrote:
Thu Jun 18, 2020 9:48 pm
It would seem if your name dont fit you get turned away from here.
I can assure you that that is not the case. Nobody, unless they break the rules, gets turned away - some people just choose a different path.
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored
User avatar
Lumpy Burgertushie
Registered User
Posts: 67926
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Why oh why

Post by Lumpy Burgertushie »

and some extension developers are not willing to live up to the standards that phpbb.com requires in order to maintain its
security reputation.

therefore, their efforts will not be validated and available from here.
so, if you choose to use one from some where else, it is at your own risk and support here will be minimum at best.

robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

If nobody is in the forest, does a tree really fall?
User avatar
AmigoJack
Registered User
Posts: 5745
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: Why oh why

Post by AmigoJack »

warmweer wrote:
Fri Jun 19, 2020 12:23 am
It's in DEV, not even RC
Part of the problem is also that abbreviations and terms are used quickly without actually explaining or defining them. There aren't many end users (speak: non-coders) who are aware of what DEV stands for and what it means, and what difference it makes to RC. The forum description itself neither explains this nor has a link to further details aimed at users - only the developer target audience will follow Extension Development Forum Rules where indeed most abbreviations are explained (but then again not having users in mind, only developers).
  • DEV = Development: software is still in the making - it may be usable in to some extent, but without any warranty at all - you're actually just testing it, or you wait until you can even run it at all.
  • Alpha = First: software is handed out in an unfinished state, but in overall it is considered working. Done for letting a larger audience do testing.
  • Beta = Second: software is (still) handed out in an an unfinished state and is considered to be working good. Done for letting a larger audience do testing.
  • RC = Release Candidate: software is handed out and considered finished. The difference to an an actual release? Programmers still want feedback to see how many (if any at all) problems are reported. Multiple release candidates may happen.
  • Release: software is handed out officially, together with a version number.
  • Update: software in a newer minor version (i.e. from 3.2 to 3.3). May be handed out separately, should not break existing features and primarily fix bugs.
  • Upgrade: migrating software to a newer major version (i.e. from 2.4 to 3.0). Most likely it results in uninstalling the old, then installing the new version, plus carrying over settings and user content as good as possible.
The worst thing about censorship is ███████████
Affin wrote:
Tue Nov 20, 2018 9:51 am
The problem is probably not my English but you do not want to understand correctly.
...
We will not come anybody anyway, nevertheless, it's best to shit this.
User avatar
P_I
Registered User
Posts: 1199
Joined: Tue Mar 01, 2011 8:35 pm
Location: Staying home - Calgary
Contact:

Re: Why oh why - the world of extensions

Post by P_I »

AmigoJack wrote:
Fri Jun 19, 2020 12:32 pm
  • RC = Release Candidate: software is handed out and considered finished. The difference to an an actual release? Programmers still want feedback to see how many (if any at all) problems are reported. Multiple release candidates may happen.
From my experience there are far too many Extensions in Development that seem to get to RC and then stall and never advance to Release and therefore to phpBB • Extensions - Customisation Database.

And remember, the subtext of the Extensions in Development says "No Extensions within this forum should be used within a live environment!", which I adhere to for my boards.

I'm mystified why an extension developer would get to the RC status and then not push onwards to get the extension validated and released, but unfortunately that seems to be a very common case. Yet often links to Extensions in Development are posted as solutions to questions about how to add functionality to live boards, despite the "No Extensions within this forum should be used within a live environment!" notice (warning?).

I completely understand that like phpBB software, the development of extensions is completely a volunteer effort, but somehow the whole community needs to rally and hopefully push many of those RC extensions over the finish line to get them released.

My $0.02 as a grateful phpBB user and board admin who appreciates all the efforts of those in the phpBB development community and your commitment to open source software.
Normal people… believe that if it ain’t broke, don’t fix it. Engineers believe that if it ain’t broke, it doesn’t have enough features yet. – Scott Adams
User avatar
david63
Registered User
Posts: 17976
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Contact:

Re: Why oh why

Post by david63 »

P_I wrote:
Fri Jun 19, 2020 12:59 pm
I'm mystified why an extension developer would get to the RC status and then not push onwards to get the extension validated and released
Each extension developer will have their own reasons. There are some who do not agree with the validation process as it becomes restrictive. For example if after release a small bug is found then the only official way to deal with it is to create a new release and depending on the number of extensions waiting to be validated and the workload of the validation team can often take two or three months.

Others will argue that the validation process is too exacting in that extensions get declined for some quite minor reasons which really do not affect the extension at all.

Then you will have some extension developers who wish to monetise their extensions which is not allowed with validated extensions.

Another reason is that some extensions will fall outside of the extension "rules" and would never get validated no matter how good the coding is.
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored
User avatar
RMcGirr83
Recognised Extension Developer
Posts: 21161
Joined: Wed Jun 22, 2005 4:33 pm
Location: Your display
Name: Rich McGirr

Re: Why oh why

Post by RMcGirr83 »

P_I wrote:
Fri Jun 19, 2020 12:59 pm
I'm mystified why an extension developer would get to the RC status and then not push onwards to get the extension validated and released, but unfortunately that seems to be a very common case.
Could be for a few reasons
  1. RC status is set by the developer in that forum based on their belief that the code is good to go
  2. They may or may not have submitted it to the DB (which has its own peculiarities for submission)
  3. They may get tired of waiting for validation to occur (seems to take quite a while...sometimes many months)
  4. Some of the reasons for being denied can be a bit benign and trivial
  5. Due to above they simply toss up their hands and give up
I completely understand that like phpBB software, the development of extensions is completely a volunteer effort, but somehow the whole community needs to rally and hopefully push many of those RC extensions over the finish line to get them released.
Then, IMHO, the community needs to step up and assist or ask how they can do so to get the extension to pass validation (which very rarely occurs).

I would also add that I believe the extension team should step up as well as many items that failed can be easily rectified by them (I know as I have done so previously to assist the author in getting their extension approved). Many times the reason for the denial will be stated with no feedback from the validation team on how they would like to see it fixed. So the author makes changes to the code, re-submits and is hit again with a denial with again no feedback.

It's easy to say so-and-so is wrong, it's more difficult to provide a solution or suggest one.

That would certainly cause some to just go "meh, I tried" and give up.
In times of change, learners inherit the earth, while the learned find themselves beautifully equipped to deal with a world that no longer exists - Eric Hoffer
Former Modifications/Extensions Team Member | My extensions | My extensions are updated regularly on github
Appreciate the extensions/mods/support then buy me a beer
All requests for support via PM will be ignored
User avatar
P_I
Registered User
Posts: 1199
Joined: Tue Mar 01, 2011 8:35 pm
Location: Staying home - Calgary
Contact:

Re: Why oh why - the world of extensions

Post by P_I »

david63 wrote:
Fri Jun 19, 2020 1:11 pm
Each extension developer will have their own reasons.
RMcGirr83 wrote:
Fri Jun 19, 2020 1:20 pm
Could be for a few reasons
Thanks to both of you for the explanations and insight that you've provided. It definitely helps understand the current situation.
Normal people… believe that if it ain’t broke, don’t fix it. Engineers believe that if it ain’t broke, it doesn’t have enough features yet. – Scott Adams
Tread
Registered User
Posts: 39
Joined: Thu Nov 14, 2019 9:52 pm

Re: Why oh why

Post by Tread »

Probably worth mentioning that extensions validated on phpBB (and downloaded from phpBB only) are tested thoroughly (code wise and usage) and won't create an invisible account that could take over your board. Any external and unvalidated extension could in theory include the creation of a user allowing highjacking (or defacing) of your board.
To be fair no one can really take/steal a board its as simple as going to cpanel and doing a database restore.
Yes they might make an account but thats phpbb they wont get cpanel access/details to where the cream and action is from phpbb acp.
User avatar
david63
Registered User
Posts: 17976
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Contact:

Re: Why oh why

Post by david63 »

Tread wrote:
Fri Jun 19, 2020 1:46 pm
To be fair no one can really take/steal a board
All extension developers will have total access to your database and an unscrupulous developer could, in theory, extract that data without you knowing about it. They could also "steal" usernames and passwords and use then to then access the ACP. They can also access email addresses and could totally destroy your board (that's easy as most developers will have done it at some point when creating an extension) and as we know many users do not backup their board(s).
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored
Locked

Return to “phpBB Discussion”