ideas to prevent 3pds spamming JED recently update

[darb]

I get so fkc tired of the spam of 3pds and you have a horrible example of SafetyBis Ltd. that spam the whole JED recently update with their fake updated. Its been done several times and it distroy other 3pds attention in the recently updated searchers filters. https://extensions.joomla.org/browse/recently-updated/

Why can it be allowed to just be able to update one extension per day per extension developer and also show case that you have to update the consistant version number obligatory i f you do an update. The only update that is relevant is the update with a new semantic version number of the extension and that what should be show cased there.

Is it so difficult to make that fields obligatory to change and make it work in the correct controlled way?

Disaster.

[Per Yngve Berg]

Mod. Note: Relocated the topic from GQ to the JED feedback forum.

[anibal_sanchez]

Hi,

It looks like you are proposing a restriction on the listing updates: "update one extension per day per extension developer and also show case that you have to update the consistant version number obligatory".

In my opinion, your suggestion is too restrictive. For instance, when I update an extension, I update it 20 times in the day until it is perfect. At some point, I also update the version number, but I'm not counting the times when I apply changes. Additionally, I'm not a native English speaker, so I use to change the text several times due to writing errors.

Best Regards

[darb]

@Anibal.

Yes I want restriction for misusing JED with inaccurate information that have no business value for end users of Joomla people in the world just creating waste of time for people seeing that these extension developers using updating JED just for their own PR/marketing attacks. It’s not just about trust for these extension developers it’s about trust for Joomla ecco system and Joomla future.

This is exactly why coders and extension developers have another view what value JED is about in my opinion. Trustfully Joomla developers will follow these update and cant spam flooding JED with 20 extensions in mass just to have attention for their company and work and letting other smaller good honest JED developers not get any attention.

In my opinion JED is not a Github advertising hub for small incremental hourly updates that you do for your extension(s). You can make max one update per day with accurate update info and that update should traceable with semantic new numbers like x.y.z and with a chronologically history date(s) saved on JED so people can see and understand what progress have been done and when.

Example of fields:
-----------------------------------------------------------------------------------------------------------
Extension: XXX Last Updated: 20200422 Latest Version number: 2.2.1
Previous update: 20200311 Version number: 2.2.0
Previous update: 20200311 Version number: 1.9.5
-------------------------------------------------------------------------------------------------------------
This numbers dates can’t be changed longer then after one hour after they have been saved just been able to created new ones.

Anibal you can solve this technically bcs it’s not a difficult thing to set up these control functions of dates and versions number and prevent them for being changed and cheated with don’t you think so?

Personally I have been waiting for this for long time and maybe its bcs its Joomla extension developers that think in their own sake that they don’t want this small improvements to follow..?

[deleted user]

Why can it be allowed to just be able to update one extension per day per extension developer

Software releases do not work in this way. A vendor may issue updates for multiple packages in a single day, and may be required to issue multiple updates for a single package in a single day (because, stuff happens, see Joomla's releases). This type of restriction benefits nobody and actually hurts the vendor who attempts to list their products on the Joomla Extensions Directory (imagine if you had 10 packages that you published updates for on the same day, would you really take 5 minutes every day for the next week and a half updating the JED because of a stupid rule like this?).

and also show case that you have to update the consistant version number obligatory i f you do an update.

A new version of the software should not be mandatory to make a metadata update. This statement seems to imply that the entirety of a JED listing may only be updated when a new version of the software is published, which to me is not an acceptable workflow for the directory.

The only update that is relevant is the update with a new semantic version number of the extension and that what should be show cased there.

It would be optimal if the recently updated feature was based on new releases of the software and not based on arbitrary metadata updates.

You can make max one update per day with accurate update info and that update should traceable with semantic new numbers like x.y.z and with a chronologically history date(s) saved on JED so people can see and understand what progress have been done and when.

Example of fields:
-----------------------------------------------------------------------------------------------------------
Extension: XXX Last Updated: 20200422 Latest Version number: 2.2.1
Previous update: 20200311 Version number: 2.2.0
Previous update: 20200311 Version number: 1.9.5
-------------------------------------------------------------------------------------------------------------
This numbers dates can’t be changed longer then after one hour after they have been saved just been able to created new ones.

It is not the JED's role to maintain a version history of the listing, impose restrictions on version numbering schemes used by vendors, or impose restrictions on the frequency of editing any information about the listing, and the creation of said restrictions hinders the ecosystem more than it helps by making the JED a less useful resource than it already is.

[darb]

Now this [ redacted ] spammer again company: SafetyBis Ltd. have done this spam attack on JED with 10 fake updates!

Example of one of their spams that they contiue to do as PR for their 10 extensions they have and never update https://extensions.joomla.org/extension/seo-protection/

https://extensions.joomla.org/browse/recently-updated/

When should Joomla fix this??

I get so angry to see this continue year by year by year and affecting other 3pds that are honest and dont do this but drawning in the flood of these bad actors of misusing the JED.

[darb]

@mbabker

Why can it be allowed to just be able to update one extension per day per extension developer

Software releases do not work in this way. A vendor may issue updates for multiple packages in a single day, and may be required to issue multiple updates for a single package in a single day (because, stuff happens, see Joomla's releases). This type of restriction benefits nobody and actually hurts the vendor who attempts to list their products on the Joomla Extensions Directory (imagine if you had 10 packages that you published updates for on the same day, would you really take 5 minutes every day for the next week and a half updating the JED because of a stupid rule like this?).

If you are a trusted Joomla extension developer allowed to update your JED extension one time per day and need to correct something you can explain and update do that the next day with that official info/update version with a new update number on Joomla JED. That prevent automatically this flooding’s from happened - it’s not a stupid rule.

and also show case that you have to update the consistant version number obligatory i f you do an update.

A new version of the software should not be mandatory to make a metadata update. This statement seems to imply that the entirety of a JED listing may only be updated when a new version of the software is published, which to me is not an acceptable workflow for the directory.

Isn’t that what "Recently updated" is for so you can follow see trace what have been updated about the software? You update the version number and explain what have been updated whatever you have updated. Then you can analyse and follow the extension enhancements and judge what developer you want to support and trust if you have several to choose from. Which one do you want to do business with? Who do you trust long term to choose? Example should I trust Community Builder, Joomsocial or EasySocial? Just look at their change log and update history https://stackideas.com/changelog/easysocial (Recently updated JED )

The only update that is relevant is the update with a new semantic version number of the extension and that what should be show cased there.

It would be optimal if the recently updated feature was based on new releases of the software and not based on arbitrary metadata updates.

You can make max one update per day with accurate update info and that update should traceable with semantic new numbers like x.y.z and with a chronologically history date(s) saved on JED so people can see and understand what progress have been done and when.

Example of fields:
-----------------------------------------------------------------------------------------------------------
Extension: XXX Last Updated: 20200422 Latest Version number: 2.2.1
Previous update: 20200311 Version number: 2.2.0
Previous update: 20200311 Version number: 1.9.5
-------------------------------------------------------------------------------------------------------------
This numbers dates can’t be changed longer then after one hour after they have been saved just been able to created new ones.

It is not the JED's role to maintain a version history of the listing, impose restrictions on version numbering schemes used by vendors, or impose restrictions on the frequency of editing any information about the listing, and the creation of said restrictions hinders the ecosystem more than it helps by making the JED a less useful resource than it already is.

That’s exactly why the JED exist to show case the trust of Joomla 3pds that can show that their software is updated with the time, history and semantic version for control of what is related for that update. Should be obvious but sure you don’t understand. See successful Joomla developers like EasySocial Stackideas and why they are successful compared to others.

[deleted user]

@mbabker

Why can it be allowed to just be able to update one extension per day per extension developer

Software releases do not work in this way. A vendor may issue updates for multiple packages in a single day, and may be required to issue multiple updates for a single package in a single day (because, stuff happens, see Joomla's releases). This type of restriction benefits nobody and actually hurts the vendor who attempts to list their products on the Joomla Extensions Directory (imagine if you had 10 packages that you published updates for on the same day, would you really take 5 minutes every day for the next week and a half updating the JED because of a stupid rule like this?).

If you are a trusted Joomla extension developer allowed to update your JED extension one time per day and need to correct something you can explain and update do that the next day with that official info/update version with a new update number on Joomla JED. That prevent automatically this flooding’s from happened - it’s not a stupid rule.

This comment indicates you have never been involved with another individual or organization that is charged with the distribution of software and therefore any further discussion on this point is not going to yield a productive result. But, since I hate myself so much, let me give you two examples of why your proposed workflow is invalid:

1) A company such as Regular Labs issues updates for multiple extensions in a day (as Peter regularly does). Given your requirements, he may only update a single JED listing one time in the day. This forces him to either spend multiple days updating JED listings or change his company workflow to only issue a single release per day.

2) A vendor issues an extension update and after the release a critical bug is reported which necessitates a short turnaround for a new release. Given your requirements, this update cannot be published to the JED for at least 24 hours. If the JED were a canonical source of software downloads, this would mean that the broken version would remain online for at least 24 hours instead of enabling the vendor to issue a corrected release in a timely manner.

and also show case that you have to update the consistant version number obligatory i f you do an update.

A new version of the software should not be mandatory to make a metadata update. This statement seems to imply that the entirety of a JED listing may only be updated when a new version of the software is published, which to me is not an acceptable workflow for the directory.

Isn’t that what "Recently updated" is for so you can follow see trace what have been updated about the software? You update the version number and explain what have been updated whatever you have updated. Then you can analyse and follow the extension enhancements and judge what developer you want to support and trust if you have several to choose from. Which one do you want to do business with? Who do you trust long term to choose? Example should I trust Community Builder, Joomsocial or EasySocial? Just look at their change log and update history https://stackideas.com/changelog/easysocial (Recently updated JED )

It depends upon your definition of recently updated in relation to the JED's implementation of recently updated. If they have implemented recently updated in a way where any metadata change to the listing results in it being bumped up to the top of the list, then they have enabled the ecosystem to exploit this behavior by implementing a buggy solution. If recently updated only applies to the issuance of a new software version, then it actually causes more effort for a software provider to exploit this system as they would have to take the steps necessary to issue a new version of their software for each time they change the version string. With that being said, if a vendor is legitimately issuing a new release with every commit to their source code repository (potentially multiple times per day), then that to me is a red flag as it seems to indicate a lack of quality assurance prior to the issuance of each release and that they are only doing so in order to exploit the behavior of the software directory.

No matter what though, the JED should not implement a behavior that restricts updating the metadata of a directory listing to only when a new software version is issued. Again, as it seems you have never been in a position to be involved with the distribution of software, I will clarify for you that there is a difference between a metadata update (i.e. updated description, or screenshots, or links to the vendor website) and the issuance of a new software version, and that it would be optimal for the listing directory to account for this difference in creating an optimal end user experience. The JED has seemed to fail at this and vendors within the Joomla ecosystem have exploited this behavior; it is the JED that should be shunned for this and not those vendors (though those vendors are not 100% guilt free as depending on how they are gaming the system they are exposing their own issues that would raise cause for concern for any potential consumers of their software).

It is not the JED's role to maintain a version history of the listing, impose restrictions on version numbering schemes used by vendors, or impose restrictions on the frequency of editing any information about the listing, and the creation of said restrictions hinders the ecosystem more than it helps by making the JED a less useful resource than it already is.

That’s exactly why the JED exist to show case the trust of Joomla 3pds that can show that their software is updated with the time, history and semantic version for control of what is related for that update. Should be obvious but sure you don’t understand. See successful Joomla developers like EasySocial Stackideas and why they are successful compared to others.

To be frank, the JED now and for at least the last decade has never been architected in a manner that indicates that it should be used as a trusted resource when researching potential integrations into a Joomla based website, and anyone placing any value in a software package or vendor having a JED listing is honestly only making a fool of themselves.

[darb]

I get so fkc tired of the spam of 3pds and you have a horrible example of SafetyBis Ltd. that spam the whole JED recently update with their fake updated. Its been done several times and it distroy other 3pds attention in the recently updated searchers filters. https://extensions.joomla.org/browse/recently-updated/

Why can it be allowed to just be able to update one extension per day per extension developer and also show case that you have to update the consistant version number obligatory i f you do an update. The only update that is relevant is the update with a new semantic version number of the extension and that what should be show cased there.

Is it so difficult to make that fields obligatory to change and make it work in the correct controlled way?

Disaster.

Thanks SafetyBis Ltd. for spamming Joomla recently updates again with nonesense update of 10 extension fake updates again.. https://extensions.joomla.org/browse/recently-updated/