Jump to content

[Idea] - WHMCS Authorised Developer - Seal Of Trust

Grizzlyware Josh

By Grizzlyware Josh
in General Discussion

 Share

Recommended Posts

Grizzlyware Josh Senior Member

Grizzlyware Josh

Posted
Posted

I would like to push this idea, it's not my idea, I just love the concept of it.

 

I am in the process of contacting WHMCS developers to create an "Authorized Developer" system between us. This will in-turn give users the satisfaction that all the modules they have are by legit developers. This system will of course be open to any developer that wishes to work within the WHMCS community, but closed to any developer who does not work ethically.

 

Thumbs up for this, and I'm sure all the other developers would like it too! 8)

0
Link to comment
Share on other sites
CDDHosting Member

CDDHosting

Posted
Posted (edited)

In theory it is a good idea, but how would one obtain this `seal``? What if a so called trusted developer jumps ship, then perhaps people would take it out on WHMCS. I do not think it is a good idea for WHMCS to get involved with third party addon stuff. Extra un-needed work for them imo.

Edited by CDDHosting
0
Link to comment
Share on other sites
Grizzlyware Josh Senior Member

Grizzlyware Josh

Posted
  • Author
Posted

Well, if it was created, I'm sure you would want to be a part of it, to set yourself from the people who make mods for a 'hobby', right? Who says its a power thing, if they have made a few good mods, and never messed anyone around, they're in. If not, sorry, no entry. If so many other places have "Approved Developer" trusts, why can't WHMCS?

0
Link to comment
Share on other sites
Alistair Senior Member

Alistair

Posted
Posted

So what about when 2 developers each create something that is very similar?

 

We've seen it before in these forums..."you stole my idea rar rar rar".

 

Is it a copy? Who decides? The biased board? WHMCS?

 

I really think it has potential for more problems than it would be solving. Can you explain what are the disadvantages of not having this approved system?

0
Link to comment
Share on other sites
Grizzlyware Josh Senior Member

Grizzlyware Josh

Posted
  • Author
Posted

I agree with you on that. It actually made me laugh, rar!

 

But this isn't for developers, it's for customers to see, we're not going to run away with your money.

 

The disadvantages, customers who have been ripped off by developers that have disapeered or delivered an awful module, then look for another developer, are overly cautious. If there was a stamp of trust, they wouldn't think twice.

0
Link to comment
Share on other sites
Grizzlyware Josh Senior Member

Grizzlyware Josh

Posted
  • Author
Posted

Well, make it a little bit harder to get the seal then, so instead of just never having put a foot wrong, they also have to apply and prove other things, like name, address, time they've been trading.

 

There would have to be a web site that 'certain' (Trusted members, limited to X) people can edit and this will list the names & addresses of the devs upon request...? I really don't know, this wasn't even my idea, but I really like the thought of it.

0
Link to comment
Share on other sites
ChrisTERiS Senior Member

ChrisTERiS

Posted
Posted

Well, even if I've already post that I support this idea, I know very well that there are lots of difficulties. As Alistair mentioned before, what this seal will prove? That you've an active site? I've too. But it happens to me 2 times to go emergency for hospitalization and actually the first time kept me in for more than 1 month. So maybe I had a site, but nobody was there.

If it's to prove that this person exists, I've already the seal from Comodo after sending some papers. Finally I believe that the only reason to have this seal is for the code quality. But who will involve in such problems. Matt who is the only one whose the opinion counts for the quality of code, I don't think that he'll decide to involve in such problems. And don't forget the fake seals. I've found soooooooo many fake seals in the net with first coming seals from Trust Guard (did I wrote correct?).

0
Link to comment
Share on other sites
jeremyhaber Senior Member

jeremyhaber

Posted
Posted

Thanks bdigitalstudios for starting this thread. And everyone for supporting the idea.

 

I have recently been in contact with WHMCS about this idea. Rest assure when I say something, I tend to mean it :)

 

I am going to open up my thread with WHMCS here so we can all work on this together as hopefully this will be a community effort.

 

Original Ticket

As you may have been monitoring some action on the forum this morning; We are looking to develop a WHMCS Developer Network to Authorize Developers. We want to make sure the end user understands that the addon's/modules that they are downloading are from a reputable source.

 

I am not looking to profit off this!

 

The reason I am contacting you is that I would like to work you to get this project released freely to everyone. The benefits of this project are astronomical for the WHMCS platform. You can be the first web hosting billing and support solution to have developers authenticated by the community.

 

1. Developer Authentication

Developers are offered a specific private/public development key. These keys will be worked into the addon and connect to a server to check the developers status.

 

The WHMCS platform will handle the response and display it in the addon manager and throughout the addon pages. Developers with no private/public keys will have a "This module was not created by an Authenticated Developer" message.

 

To avoid conflicts with legitimate developers who have not distributed a new version of the addon the developer can alternatively register their addon name with the WHMCS developer network. Which will be checked if the addon/module does not have a private/public key. This will only remove the line "This module was not created by an Authenticated Developer" and not provide proper authentication due to security risks.

 

Developers can also connect to the server to retrieve their status and place it within their own sites.

 

2. Community Contribution

Developers are ranked based on their standing with the WHMCS community. This is a very delicate process, as the community cannot always be determined as reliable.

 

Becoming an Authenticated Developer:

There are two ways to become an authenticated developer.

 

The first way is through positive feedback of their addon/module(s) from the community. The community will determine if the developer should be trusted.

 

The second way is through another authenticated developer. An authenticated developer can review the developer in question and can decide whether or not they should be part of the developer community. During this process the developers can request the source code of the to-be authenticated developer to verify that a) the source works as expected b) the source does not have any misc. code.

 

If they are turned by the authenticated developer they can still be approved by the community.

 

Losing Authentication:

There are a few ways a developer can lose their authentication.

 

Bad Workmanship - There are a variety of ways that developers can show bad workmanship.

a) If there are problems with the quality of work released by the developer. The addon/module should work as advertised.

b) The developer fails to inform customers of downtime.

c) The developer disappears from the community and stops providing services provided. This include developer sites disappearing, the developer becoming unreachable, ect..

 

Abuse of the System - Authenticated developers can be unauthenticated if they abuse the developer authentication system.

 

Community Votes - The community has a huge part to play in this system. After all the developer is serving the community! The community can revoke the authentication of a developer if they believe the developer to be of bad workmanship or abusing the system.

 

That being said the developers will not lose their authentication by the community until the dispute against the developer is closed. This allows the developer to argue their case. If the community does not deem just to the case the developer can seek the assistance of other authenticated developers in order to maintain their authentication.

 

The authenticated developers that provoke proper justice must do so without bias for either side. They must be willing to put their own authentication on the line will giving justice.

 

Let me know if you are interested in working on project with me.

 

Response from Matt:

I'm not sure what happened on the forums but this sounds like an interesting idea, although can't see how having users verify other users would necessarily work. I mean I can see the problems would be it discourages developers who aren't authorized, and it would be open to lots of abuse from people with grudges or other developers making comments or reports about their competitors... Would take a lot of thought.

 

I do agree that are many things to still figure out regarding this system. But limitations can be overcome!

 

Discouraging developers: I do agree that this system sounds a bit intimating for the new developers out there. The network would definitely need to encourage growth of the community well maintaining quality of the community. These are both key components that the authorized developer network should with hold.

 

I am working on my solution to this. In the meantime if anyone has any thoughts on this please feel free to add to it.

 

Abuse of the system: Here is where I tend to disagree with Matt. Grudges about developers will happen regardless of having a network or not if the developer/client does not hold up to their end of the deal. This is where the community really comes into play.

 

The community is often really good about figuring out who is at fault and offering advice. The community can support the developer or not. If the community decides to support the developer the one grudge against the developer will be discredited.

 

That is about it for now. I will continue open contact with WHMCS and direct them to this thread. If anyone has any idea on how to improve this feel free to contribute!

0
Link to comment
Share on other sites
Grizzlyware Josh Senior Member

Grizzlyware Josh

Posted
  • Author
Posted
I do agree that are many things to still figure out regarding this system. But limitations can be overcome!
Exactly!

 

I love the idea of what you said in the ticket. The key would have to display the Author of the module, from the Seal server, this way a developer couldn't give his key to another dev to get the seal, as it would come up with a different developers name..

0
Link to comment
Share on other sites
jeremyhaber Senior Member

jeremyhaber

Posted
Posted

Well yes, it can essentially do that. The first step of what I mentioned was to verify the author is who they say they are using the Seal server.

 

Pretty much the public key gets encrypted with the private key and is sent to the seal server. As well the public key is sent off with the encrypted private/public key. Once there the server looks up the public key and attempts to recreate the encrypted hash. If it is successful, the developer is authenticated.

 

The seal server then can send back any information it wants.

Seal Status - Verified/Under Review/Untrusted/ect...

Developer Name

 

That being said modules will need to be encrypted to protect the private keys.

 

Well thats the easy part. The hard part is the seal management system and how developers become verified/authenticated. My initial idea is just the start of the whole process. Clearly we need to outline a few guidelines on how everything works.

0
Link to comment
Share on other sites
jeremyhaber Senior Member

jeremyhaber

Posted
Posted
I think thier should be a buy in to make the WHMCS modules.. This would keep out people that are really not in it fo the long term.. My 2 cents ...

 

In a general sense that would filter out the people who aren't serious about designing/developing modules. However we need to make sure we encourage development for the good of the community.

 

We do not want to have developers built into a tight pack.

 

As well where would that money go? The only real expense would be a server to check the seal. This could probably be handled through the WHMCS server if WHMCS agrees to this Seal of Trust system.

0
Link to comment
Share on other sites
Grizzlyware Josh Senior Member

Grizzlyware Josh

Posted
  • Author
Posted
In a general sense that would filter out the people who aren't serious about designing/developing modules. However we need to make sure we encourage development for the good of the community.

 

We do not want to have developers built into a tight pack.

 

People who make free mods are fine, this is only for commercial developers who want to prove to the customer, we're real and not going to run away with your money. This seal wouldn't stop free mod developers developing at all, which is good.

 

 

As well where would that money go? The only real expense would be a server to check the seal. This could probably be handled through the WHMCS server if WHMCS agrees to this Seal of Trust system.

 

That was my first thought, there are no expenses for it par the server, but I think it would run fine on the WHMCS one. I can't think of anywhere for that money to go...

0
Link to comment
Share on other sites
ChrisTERiS Senior Member

ChrisTERiS

Posted
Posted (edited)

For the moment I'm building a Marketplace <<URL removed>> where any Coder or Designer can list his/her products, with Classifieds for users (Want to Sell, Want to Buy, Auctions), Coupons and further more Scriptlance like jobs/projects and finally Buy/Sell Domains and Websites. Sure it will not give seals, but as it allows buyers to review the companies, it's an advantage.

Except the last 2 sections, all others are my own code and they're working with vBulletin as backend.

 

Maria

Edited by ChrisTERiS
Typo
0
Link to comment
Share on other sites
MACscr Senior Member

MACscr

Posted
Posted

So in what cases has any such seal been useful to prove someones worthyness? They never do. Its not like any of the developers that were here and ran of with peoples money, etc, had bad pasts. Such a board or seal wouldnt be able to help with those cases. Reviews of people/mods can easily be done here in the forums, just like any other. Believe me, I completely understand the point of this thread there has been many shady devs selling things on the forum, but I dont think in reality such a board/seal would work. I do though think it wouldnt be such a bad idea if WHMCS kept unencrypted copies of devs work just in case someone went AFK for x amount of time. Basically something like: if your going to sell a script on this forum, you have to adhere to X rules (1 of those being the unencrypted option). I dont know. I personally wont buy any scripts anymore on these forums that are encoded. Promises from devs that say that if they choose to give up support, etc, they will release an unencoded copy is a completely worthless promise. Just like the ones that have promised they wouldnt go afk in the beginning.

0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept