


<p>The goal of is to provide a central repository and community site for Zend Framework 2 modules. This will help in the discovery of modules by users, and serve as the default module repository used by the ZF2 CLI.</p>

<h2>GitHub Integration</h2>

<p>Users should be able to register and sign in using their GitHub account. Utilizing the GitHub integration should be optional, but could offer some compelling features. For example, upon linking their GitHub account, we could scan through a user's public repositories, and possibly even detect which repositories are ZF2 modules. We could then present them to the user, prompting them to choose which they'd like to publish. There are plenty of other GitHub integration points that could be leveraged. For example, if a module is hosted on GitHub, we could utilize their download URLs, etc. A module has been started for this purpose <a href="">here</a> (with the goal to integrate it with <a href="">EdpUser</a>).</p>

<h2>CLI Publishing</h2>

<p>The site should have some sort of API (JSON-RPC, REST, etc.) to allow registration, authentication, and publishing of modules straight from the CLI, without having to visit the site. This idea comes from <a href="">Node.js' NPM</a>.</p>

<h2>Module Moderation and Review</h2>

<p>Developers should be free to publish their modules to the repository / site without being subject to initial moderation or approval. However, we should have mechanisms in place for users to report modules that are malicious, broken, otherwise buggy / insecure, or that blatantly disregard best practices. As a community, we can establish guidelines and/or requirements for inclusion in the main repository.</p>

<h3>Reviewed Module Seal</h3>

<p>One value-add we could offer is to put together a group of volunteers to review modules for things like best practices, security vulnerabilities, etc. If everything checks out, we could flag the module with a seal indicating that it has been reviewed by the volunteer team. We would have to be VERY clear that this does not indicate ANY sort of warranty / guarantee / liability on the part of the community or those who reviewed it, but rather just indicates that it has been looked over for conformance to some basic best practices. We would publish the &quot;checklist&quot; used during the review of a module to determine if it qualifies for the seal.</p>


<p>It is proposed that we provide a list of acceptable open source licenses for a module's inclusion on the site and in the repository. This list can be determined by the community, but the primary focus should be to prevent commercial / &quot;trialware&quot; type modules from polluting the repository. It will be easy for third parties to create and host their own repositories, so if there is a need for a commercial repository (think &quot;app store&quot; that handles payments, licensing, and all related logistics and liabilities), then that can be left to a third party developer or company that is willing to invest the resources required to take on such a burden. The focus of should be free and open source modules.</p>

<h2>Spectacular Example</h2>

<p>The site and the backend that runs it should be fully open source, and should serve as a spectacular example of a fully working ZF2 application. We should leverage existing community modules as much as possible, and when required, create additional re-usable modules if there is not already one to solve a specific problem. The project is already up on GitHub at <a href=""></a>.</p>

<p>Modules to consider: <a href="">SpiffyDoctrine</a>, <a href="">EdpUser</a>, <a href="">EdpGithub</a>.</p>