How will it be determined that the commercial or other extensions listed on these websites are GPL and JED compliant?
How will the "policing" of the non-JED-listed extensions be handled?
How will it be determined that these other extensions do not have obfuscated/encrypted code?
If they require a fee to download, many users are never going to examine the extension.
If they are not listed in the JED, no files have been submitted for review when a listing is requested.
Extensions listed in the JED are regularly found with obfuscated/encrypted code.
I have found two myself in the last few weeks (reported and removed from the JED).
From this I assume there are many other extensions found by other users as well.
It appears to be an ongoing problem.
All these JED-listed extensions have to be submitted to the JED for listing.
And there are still many cases of non-compliance found.
So how will it be determined if the non-JED-listed extensions are really open source GPL?
The bigger picture . . .
Public disclosure and a record of violations would encourage self-compliance.
Where is the developer history of violations?
No innocent user has any way to know the developer has a long history of unethical behavior.
Currently there is no public history of bad behavior so it happens over and over.
Anyone who has been around awhile and has a good memory knows there are some "bad" players out there.
These "bad" players are still in business because the current secrecy policy hides their bad deeds.
The developer page on the JED should include a record of the JED warnings, de-listings, and violations.
The last extension I reported for hidden code on the JED currently shows:
This extension has been unpublished for the following reason:
- UR9-Violation - Licensing Restrictions
Unpublished Comments From Editors
- Contains obfuscated code.
But that page only shows if you already know the URL to that extension.
Nothing shows in the JED search - the extension is simply not found.
Very few users will ever see this warning (only someone with a bookmark).
So this blatant violation of hidden code has little or no consequences.
Later the extension will probably be listed again.
No one will know what happened.
Users will not know this developer cannot be trusted.
Other developers will know that there are no serious consequences to breaking the rules.
So what if your extension is de-listed for a while?
You got caught but who cares.
Wait awhile and no one knows what you did.
This is a bad policy that does not encourage self-compliance.
When the Internal Revenue Service in the USA announces a new compliance push, the press releases actually state that part of the goal is to get the publicity gained from high-profile cases.
That public disclosure encourages many others to comply on their own.
They know that one Wesley-Snipes-goes-to-jail case is worth many, many, many revenue agents' long hours.
Public disclosure of developer history on the JED would have multiple benefits.
- Users would be much better informed on whether they should trust this developer with their website and/or money.
- Self-compliance would reduce the JED volunteers' time load spent on "policing" violations.
- And serial violators will no longer benefit from the JED secrecy which enables them to continue.
Mutual protection is a benefit of real community - helping innocent users be protected from the bad guys.
The current JED secrecy is just protecting the bad apples.
What really needs to be discussed is how to improve the developer summary page.
The current focus is on rating the extensions with little attention to the developer (which creates the biggest user problems).
Perhaps a new thread on that subject would be appropriate, and a very useful discussion.