Advertisement
Guest User

Untitled

a guest
Sep 2nd, 2015
64
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.01 KB | None | 0 0
  1. ## Integrate the VEL and the JED
  2.  
  3. ### Introduction
  4. I strongly believe the JED and the VEL functions should be more tightly integrated. The VEL's usability and visibility would escalate incredibly with such a change, and adding the VEL as a "feature" OF the JED would allow both teams to have a greater positive impact on the joomla community as a whole.
  5.  
  6. ### Reasonings
  7.  
  8. ##### Record De-Duplication
  9.  
  10. Currently "vulnerability" information for extensions is not maintained where that extension is most prominently accessed. Instead vulnerability information is stored on the VEL, in a static like format with no connection to the JED listing.
  11.  
  12. Appending VEL information to a JED listing would mean that the extension has only one record within the Joomla.org family sites, and users would be able to review that extension’s past and current vulnerabilities within the context of the JED, where they most likely found the extension in the first place.
  13.  
  14. ##### Increased Usefulness To The Community
  15.  
  16. The VEL property is less functional than the JED. Searching, filtering, and ordering are all features that the JED has implemented well. Any record searching utility, like the VEL portrays itself to be, should have these features.
  17.  
  18. ##### Monitoring of non-JED extensions
  19.  
  20. One major reason that the VEL is not part of the JED is because the VEL is able to then “track” non-JED distributed extensions. This is counter productive to the way Joomla has positioned itself to developers.
  21.  
  22. The _community_ of Joomla decided many years ago to support developers who play by the community’s rules. The VEL is doing a disservice to very intentional decisions the community has made to support our community by tracking non-JED extensions. Joomla.org property sites should not be inconsistent.
  23.  
  24. ##### Access of VEL information via JED API
  25.  
  26. The Joomla Install from Web feature, although controversial, is a huge move forward for our community. Yet that feature is less useful, and detrimental to the image and brand of Joomla if it has poorly maintained, but one-click-install accessible extensions on it. Having an extension’s VEL history log within the record would increase usefulness and functionality to install from web users considerably.
  27.  
  28. ##### Better Extension Developer Accountability
  29.  
  30. Because the VEL has relatively low visibility in comparison to the JED, extension searches on search engines like Google don’t contain VEL information. Extension developers with security vulnerabilities are not held responsible because of this low visibility. By allowing quick and easy access to VEL information from a JED listing page, extension developers will be encouraged to react more quickly, and code more responsibly with security in mind.
  31.  
  32. ##### Reduced J.org Technical Debt
  33.  
  34. Maintaining a Joomla site is a huge amount of effort for any team. Updating extensions, updating Joomla, etc… all require a ton of effort. By removing the VEL, the joomla community allows the VEL team to be more productive with managing VEL information, and spend less time on website maintenance.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement