Can we implement trusted updates in the styles database?

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Get Involved
User avatar
PlanetStyles.net
Former Team Member
Posts: 4747
Joined: Wed Nov 04, 2009 11:16 pm
Location: UK
Name: Christian
Contact:

Can we implement trusted updates in the styles database?

Post by PlanetStyles.net »

https://www.phpbb.com/customise/db/queue-stats/style

Few problems here:
  • No one enjoys styles validation
  • There doesn't appear to be much growth in the customisations team
  • Queue submissions are made faster than they can be cleared, particularly in months where there is a maintenance update
This has not been a sustainable model for a long time.

What is necessary to persuade the phpBB team to adopt a system where: only the first x submissions / updates are validated, and then submissions or authors move to a 'trusted' state, where submissions and / or updates are approved automatically?

Is there anything else that could be considered to relieve the ever-worsening styles approval delays?
User avatar
warmweer
Jr. Extension Validator
Posts: 6544
Joined: Fri Jul 04, 2003 6:34 am
Location: Van Allen Bel ... gium

Re: Can we implement trusted updates in the styles database?

Post by warmweer »

PlanetStyles.net wrote: ↑
Fri Feb 12, 2021 1:05 am
...
What is necessary to persuade the phpBB team to adopt a system where: only the first x submissions / updates are validated, and then submissions or authors move to a 'trusted' state, where submissions and / or updates are approved automatically?
I think a "trusted" state comes by itself, but that shouldn't include automatic approval at all. The idea by itself isn't sound even (and with your experience, you must have come across situations where you didn't even notice your own small mistakes (typos, an oversight through habit, or just bad luck - it happens to everyone)

Looking at myself; I think I've built up some credit over the years and in quite a few support topics I've been able to give sound advice. However just yesterday or the day before I actually posted some dangerous advice (which could have been OK for really seasoned users but in this case was totally inappropriate - luckily an alert moderator noticed it and edited my post).
Doublechecking may be time-consuming, but shouldn't be skipped.
Spelling is freeware, which means you can use it for free.
On the other hand, it is not open source, which means you cannot change it or publish it in a modified form.
User avatar
PlanetStyles.net
Former Team Member
Posts: 4747
Joined: Wed Nov 04, 2009 11:16 pm
Location: UK
Name: Christian
Contact:

Re: Can we implement trusted updates in the styles database?

Post by PlanetStyles.net »

warmweer wrote: ↑
Fri Feb 12, 2021 7:39 am
PlanetStyles.net wrote: ↑
Fri Feb 12, 2021 1:05 am
...
What is necessary to persuade the phpBB team to adopt a system where: only the first x submissions / updates are validated, and then submissions or authors move to a 'trusted' state, where submissions and / or updates are approved automatically?
that shouldn't include automatic approval at all. The idea by itself isn't sound even (and with your experience, you must have come across situations where you didn't even notice your own small mistakes (typos, an oversight through habit, or just bad luck - it happens to everyone)
Indeed. I published a Milk update a few days which contained a few bugs. Nothing dangerous, just a few oversights. People reported them, they got fixed.

ThemeForest operates on a basis that anyone who reaches Elite status ($75,000 gross sales) is able to update their products without review. I achieved this nearly a year ago, and it hasn't been to the detriment or quality of the product.

If we consider "trusted" in the context of "trusted to update their own items, and trusted to do something about it if a problem arises" , as opposed to "trusted to never make a single mistake", then the whole concept becomes much more workable.

There's very little that gets pulled up in styles validation that would open a vulnerability on a user's forum. But till, everything has go through a manual review process by unmotivated people who have no incentive to do that work (apart from a colourful username).

It seems like we either need to move to unrestricted updates, or scale up the CDB team. This state of limbo and month+ long validations is not sustainable.
User avatar
RMcGirr83
Former Team Member
Posts: 21913
Joined: Wed Jun 22, 2005 4:33 pm
Location: Your display
Name: Rich McGirr

Re: Can we implement trusted updates in the styles database?

Post by RMcGirr83 »

PlanetStyles.net wrote: ↑
Fri Feb 12, 2021 5:37 pm
This state of limbo and month+ long validations is not sustainable.
It isn't just styles.

https://www.phpbb.com/customise/db/queu ... /extension

But extensions should be validated as security issues can be introduced...it just shouldn't take a month for some action.
Former Modifications/Extensions Team Member | My extensions | github | All requests for support via PM will be ignored
Appreciate the extensions/mods/support then buy me a beerImage
User avatar
GanstaZ
Registered User
Posts: 834
Joined: Wed Oct 11, 2017 10:29 pm
Location: Zverse

Re: Can we implement trusted updates in the styles database?

Post by GanstaZ »

Hmm.. don't know much about style validation part, but most style updates don't have many changes, so validation shouldn't take a lot of time. Specially, if it's just an update for latest phpBB release.. If it is some other update, like bug fixes or modifications or additions, then it's another story as it may take more time to test it. Maybe with styles something could be done in so called auto way, but with extensions it is not that simple. There is always a way to lend a hand and help out the team with validations or to suggest an alternative way. Either people don't have much free time to test or there is not enough man-power to do it.. Hard to say.
"When answer lies in the question,.. question becomes redundant!"
User avatar
EA117
Registered User
Posts: 2068
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: Can we implement trusted updates in the styles database?

Post by EA117 »

I tend to agree with Christian's "trusted to want to release a quality product, and trusted to do something about it when an issue is found" as being a status that could warrant auto-approval. A status which of course could become revoked, too, when evidence to the contrary begins to exist.

I'm not sure whether the current prioritization is first-in-first-out or something else. But if auto-approval isn't something we're ready to warm up to, maybe total cumulative downloads of a style need to be treated as "votes" for what should be at the head of the validation queue? Meaning "If you only have time to validate one style submission, which one should it be?"

But auto-approval certainly seems like a lot less muss and fuss. We have a similar thing in Windows kernel-mode driver signing too, where we have to raise our right hand to Microsoft and promise that we will test everything to the best of our ability, and to be responsive to any issues that are found, in order for Microsoft to sign our drivers without actually going through the normal testing suite.
User avatar
david63
Registered User
Posts: 19067
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Contact:

Re: Can we implement trusted updates in the styles database?

Post by david63 »

One thing that has to be considered is that anyone can create a style (well anyone with the ability!) and post it anywhere on the Internet meaning that anyone else can download it and use it. Basically the same applies to any validated style.

The problem here is that we want to have it both ways - an approved style that can be updated quickly where there is a bug fix required. I also agree that with the majority of updates (not upgrades) that the changes to a style are minimal - in fact I suspect that in some instances it is literally changing the version number.

I would also hazard a guess that this is one of the reasons why some developers do not submit their styles to be validated.

However I can see the problem from phpBB's perspective that if they are putting their name to something then it has to meet their standards as even with "trusted" developers errors can creep in.
EA117 wrote: ↑
Sat Feb 13, 2021 2:07 am
maybe total cumulative downloads of a style need to be treated as "votes" for what should be at the head of the validation queue?
Cannot agree with that. It would mean that someone creating a new style, be that a trusted developer or a new developer, could have to wait months to get validated which only leads to frustration.

The bottom line here is that there needs to be more testers/validators to get through the load quicker. Whether this is a problem with members volunteering or whether it is the selection process I cannot say.

Incidentally the same issues relate to the validation of extensions.
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored
User avatar
PlanetStyles.net
Former Team Member
Posts: 4747
Joined: Wed Nov 04, 2009 11:16 pm
Location: UK
Name: Christian
Contact:

Re: Can we implement trusted updates in the styles database?

Post by PlanetStyles.net »

david63 wrote: ↑
Sat Feb 13, 2021 8:40 am
The problem here is that we want to have it both ways - an approved style that can be updated quickly where there is a bug fix required. I also agree that with the majority of updates (not upgrades) that the changes to a style are minimal - in fact I suspect that in some instances it is literally changing the version number.

I would also hazard a guess that this is one of the reasons why some developers do not submit their styles to be validated.
Absolutely. There are a few authors who submit their works to 3rd party download sites but don't bother submitting to the CDB.

And I'm not surprised. The most painful part of any phpBB release is not updating my themes, but trying to get them through the CDB. It is a long wait time, compounded by inconsistent reviewing where someone will find a colour that's slightly wrong, or a margin slightly out of line that's been present for the last 3 versions, or the logo.psd file was in the root directory instead of the contrib folder. Really big issues :roll:

It makes me wonder: In the context of styles only (I'm not qualified to comment on extension approvals), what is the purpose of the customisations team? I've sold over 5,400 commercial theme licenses with an average 5* rating. My free styles have amassed well over 400,000 downloads from the CDB alone (not counting phpBB3styles.net and others). So I consider myself competent enough to fix any issue that is raised and don't require coding guidance. And if the purpose is bug-finding, the power of many users will achieve that much faster than one single reviewer. Let's cut out the middle man and streamline the process for everyone. Please! Nobody is benefitting from the current arrangement.
david63 wrote: ↑
Sat Feb 13, 2021 8:40 am
However I can see the problem from phpBB's perspective that if they are putting their name to something then it has to meet their standards as even with "trusted" developers errors can creep in.
Well, unless it's an official phpBB style, I'm not sure what phpBB would be putting their name to. It's my name that goes in overall_footer for style attribution Β―\_(ツ)_/Β―
User avatar
PlanetStyles.net
Former Team Member
Posts: 4747
Joined: Wed Nov 04, 2009 11:16 pm
Location: UK
Name: Christian
Contact:

Re: Can we implement trusted updates in the styles database?

Post by PlanetStyles.net »

It seems even the phpBB team have lost interest in reading the forums, as well as styles validation :(
User avatar
KaileyT
Community Team Member
Community Team Member
Posts: 2933
Joined: Mon Sep 01, 2014 1:00 am
Location: sudo rm -rf /
Name: Kailey Truscott
Contact:

Re: Can we implement trusted updates in the styles database?

Post by KaileyT »

PlanetStyles.net wrote: ↑
Thu Feb 18, 2021 5:46 pm
It seems even the phpBB team have lost interest in reading the forums
Just because we don't post doesn't mean we aren't reading the forums. ;)
Kailey Truscott - Community Team
User avatar
3Di
Former Team Member
Posts: 16174
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milano 🇮🇹 Frankfurt 🇩🇪
Name: Marco
Contact:

Re: Can we implement trusted updates in the styles database?

Post by 3Di »

PlanetStyles.net wrote: ↑
Mon Feb 15, 2021 5:13 pm
It makes me wonder: In the context of styles only (I'm not qualified to comment on extension approvals), what is the purpose of the customisations team?
To approve or not to approve your submissions?

No one is better than another, whether or not they have sold a million copies or are the first to emerge in this free space.
If we then talk about "styles" I would have much more to add but I prefer to avoid useless and counterproductive comments. :ugeek:
πŸ†“ Free support for our extensions also provided here: phpBB Studio
πŸš€ Looking for a specific feature or alternative option? We will rock you!
Please PM me only to request paid works. Thx. Want to compensate me for my interest? Donate
My development's activity ΒΊ PhpStorm's proud user ΒΊ Extensions, Scripts, MOD porting, Update/Upgrades
User avatar
PlanetStyles.net
Former Team Member
Posts: 4747
Joined: Wed Nov 04, 2009 11:16 pm
Location: UK
Name: Christian
Contact:

Re: Can we implement trusted updates in the styles database?

Post by PlanetStyles.net »

3Di wrote: ↑
Fri Feb 19, 2021 1:48 pm
To approve or not to approve your submissions?
Did you read the original post? Legitimate question.
User avatar
GTI
Registered User
Posts: 14
Joined: Mon Aug 24, 2020 4:59 pm
Name: Laura M

Re: Can we implement trusted updates in the styles database?

Post by GTI »

You have a website, why not just publish your latest updates on it while waiting for them to be approved here.

I don't think the number of downloads can be relied upon as the number can be manipulated.

Things could do with going a little faster but letting people validate their own works under the phpBB brand is not the answer.

More validators is the solution but without any incentives it's hard to imagine many people wanting to do it.
User avatar
Gumboots
Registered User
Posts: 468
Joined: Fri Oct 11, 2019 1:59 am

Re: Can we implement trusted updates in the styles database?

Post by Gumboots »

GTI wrote: ↑
Sat Feb 20, 2021 2:05 am
You have a website, why not just publish your latest updates on it while waiting for them to be approved here.
Sounds like a practical solution, if policy on this site isn't going to change. The updates can even be linked from your sig.
More validators is the solution but without any incentives it's hard to imagine many people wanting to do it.
It's an excruciatingly tedious job.
User avatar
PlanetStyles.net
Former Team Member
Posts: 4747
Joined: Wed Nov 04, 2009 11:16 pm
Location: UK
Name: Christian
Contact:

Re: Can we implement trusted updates in the styles database?

Post by PlanetStyles.net »

GTI wrote: ↑
Sat Feb 20, 2021 2:05 am
You have a website, why not just publish your latest updates on it while waiting for them to be approved here.
It's something I've considered, along with also re-opening a styles in development topic to release styles while the others are waiting for validation. The problems are:

- Duplication of work
- It's not really a solution to the problem which is: Month+ long validations and no incentive for people to do the validation work

Things could do with going a little faster but letting people validate their own works under the phpBB brand is not the answer.
More validators is the solution but without any incentives it's hard to imagine many people wanting to do it.
I have to respectfully disagree. Consider ThemeForest as an example. Anybody who has sold over $75,000 is trusted with automatic updates, no approval. They sell themes for more or less any open-source platform (notably Wordpress), where the potential for security vulnerabilities is significantly higher than phpBB styles. If issues are reported and not removed, the items are removed from sale until the problems are resolved.

'Trusted' means: Trusted to update without approval, and trusted to resolve problems when they're reported.

If the CDB's report button is given a bit more prominence, then the role of the CDB team (at least for styles) can be re-scoped from reading lines of code, to: validating user reports and checking if the Author is doing something about that. Draft up some policies for when / how to engage with Authors, and define deadlines for item disablement if people are reporting bugs (actual bugs...like missing template events) that aren't fixed in a timely manner.

It is a proven concept that I have witnessed from nearly 5 years working at ThemeForest as a Customer Success Manager.

Literally everyone wins.
Post Reply

Return to β€œphpBB Discussion”