I think it would be a good idea to do some of this, so we can find vulnerabilities in the Sponge API.
Also so we can create plugin upload screening software.
Plugin screening will be done by people; they may be aided by tools, but plugins are manually reviewed. Uploads MUST go through people before they are posted. It’s far easier to trick a screening tool than someone possessing a copy of the bytecode and running through it line by line at worst.
How about: Plugins can be uploaded without approval, but until approved, there is a big warning to downloaders that the plugin hasn’t been approved, or similar.
That does work to solve the issue of a backlog, still requires fairly large manpower to not get incredibly behind though. Also, amateur server owners probably are not even aware a plugin could exploit their setup and leave them vulnerable, what happens when someone uploads a malicious plugin? You see how well ASOs listen on Sponge when we have at multiple locations that it is not ready for download. They are going to look right past a warning label.
BukkitDev may have been fairly slow, but it was a lot faster than getting new updates to an iPhone app. So as long as we are faster than that, I think the Ore plugin response team will be fine. I know I don’t want any links even with cigarette ad style warnings in front of them if the file is unapproved, since many misguided server owners don’t read the messages.
WARNING: INSTALLING UNAPPROVED MODS IS HAZARDOUS TO YOUR SERVER’S HEALTH.
http://www.eyeofthegeek.com/gallery/var/albums/ComputerDemolition/ServerDestroyed/Picture%20014.jpg?m=1343768558
This message brought to you by the sysadmin general.
That mobo got rekt… scratches head How does that even happen?
Should probably make this more relevant to the original topic…
My university has a hack-a-thon, but it’s not about hacking and breaking things; rather, it’s a 24-hour competition to build some piece of software. Some great things come out of timed competitions (I believe the Trouble in Terrorist Town Garry’s Mod gamemode was made in some sort of timed competition, don’t quote me on that, though) and I do think that could be beneficial for the community.
We regularly had approval measured in minutes rather than hours. The difficulty isn’t the system itself; it’s getting volunteers willing to suffer through review, and then deal with an utterly ungrateful community in the extremely rare event they make a mistake.