Quote:

So am I. See HERE

See HERE for Mod Dev team should target.

I'm still in the moderator team until I reach a point where/when I can't handle it.

First I've heard of mod dev being on addons.x

I personally don't see the point of having two sites for mod development, 'cus that's what we are talking about. Core dev will be at sourceforge AFAIK. The mod dev site should contain everything to do with developing good modules and the published modules themselves.

I'd be interested in the Team Leader role for Module Development.

What have I done?

I run the Xoobs.net site where I develop the XBS range of XOOPS mods like Modgen, MetaTags, CDM and Simple Accounts. I am also a moderator at xoops.org.

What do I bring to the table?

Although I now work as a carpenter having decided on a career change some five years ago, I used to work in mainstream IT and was a programmer, project manager and finally the European IT Director for an American bank. So basically a wealth of IT experience pertinent to the
role.

My vision

1/ to make dev.xoops.org the one stop shop to pick up modules and their updates - I think the module library should reside there.

2/ make module development easier by working hard with the documentation team to produce clear docs guiding new mod devs on the road to creating their first module.

3/ create clear development guidelines and rules.

4/ start measuring module usage. I'd like to see all modules being installed, updated and uninstalled registering their presence at dev.xoops.org so that we can track who is using what. This information can form the basis for paid for affiliation programs. We can also use this info to warn users of security holes and updates to their modules.

5 create an Assured Developer program. Will enable a module to be 'xoops accredited' by going through a QA process prior to release that ensures it conforms to development guidelines etc and behaves in a conformant fashion. This program will also help pay for dev.xoops.org

I hope this is of interest

Quote:

It was actually after you sang their praises some while back that I gave them a try 'cus my previous (and still current with some sites but not for long) hosters Easyhosting, were getting expensive. I now run 4 sites with 3dPN. Top little outfit. Excellent support, very obliging (it took Alan 2 days to sort out PHP5 for me.)

Sorry - way off topic - Should I ban my own posting

Quote:

I agree. For some (valid security) reason GIJOE is pushing the envelope on this but until Xoosphere or whatever it will be called implements this methodology, it is a pain to have to install in two seperate places.

I also have experience of hosters that won't allow creation of folders outside of the web root (although in 3dPixelnets case, they can be convinced of the efficacy of doing it.)

However, more importantly I don't believe that Protector should be included in the core because:
1/ The core should be solely concerned with data and content manipulation and data security (i.e. input and output via the website)
2/ Security is fast evolving field, it is better to allow some good people like GIJOE to concentrate on the security layer that is around any good web site (i.e it doesn't matter what CMS flavour you use, Protector like security should be employed.)

And let's not forget the spam blocking capabilities of the NetQuery module. I employ both Protector and Netquery on all my sites to good effect. I just wish Protector could take on the spam blocking functionality of Netquery 'cus apart from that none of my sites need the core functionality of Netquery (good though it is.)

Despite all the security in place however, the hackers only get cleverer each day. I had one of my sites hacked last week. They managed to impersonate the hosting account name and load spam email sending software into the server's /tmp directory. They didn't touch my website. Not sure that XOOPS internal security, Protector or Netquery is ever going to stop the really determined hacker.

None that I am aware of. However look for XoopsCare module. This allows you to interface with cron scheduler and run php code snippets. Without the cron scheduler I believe it uses the technique of firing on a schedule as a result of a page refresh. Don't quote me on it though.

Quote:

Actually if mod devs used the XOOPS API properly then this wouldn't be necessary as any security holes would effect all mods and therefore be fixable by a change to the XOOPS core.

This form of third party acreditation that you hint at isn't going to work in an open source environment unless we can find that one person in the world who is interested in taking on such an onerous task (vetting all modules being developed line by line) for free!

There are a few earlier suggestions and indeed sme work has been already done on providing a quality assurance framework for module development (search the archives). Most or all have failed because there is not the collective will to impose it (e.g. a XOOPS Acredited Module stamp) nor the brave souls to take it on and run it. Most acreditation schemes I know of come with a bill, precisely because it does take a deal of effort by someone to do the work.

Support for Modgen is athttp://xoobs.net

Quote:

What logo is displayed is controlled by the theme, not by XOOPS code. You'll usually find a line such as Quote:
in theme.html