Why do we want to review customer themes and plugins?

I'm pulling this out of the Theming chat.

The real question is: Should we require a review of changes a VIP makes with Code Deploy?

I think to answer that, you first have to answer the following question:

Why do we want to review these things in the first place?

From my perspective there are a few different things we want to prevent:

  • Undiscussed custom functionality on the server. We have a whole process for these types of features now. Use it.
  • Major performance concerns.
  • Something that will get in the way of us working on Roadmap goals.
  • Functionality that is doing something inherently fragile.
  • Functionality that is doing something that poses a security risk.
  • The code is documented so that if they break something and need our assistance or we change something in the core platform, we can figure out how to fix the plugin/feature or advise the client on how to do it themselves.


This whole thing's in my head because of this comment:

@BrendanParm

 I am going to suggest to them if they like we can review their next PR for the theme


We absolutely should be reviewing themes. Themes can technically do anything a Plugin can do. A theme is Plugin + some extra stuff in the way Vanilla works. Normally themes tend to do just that "extra stuff" but that is not a requirement of a theme.

We should be reviewing these themes for the same criteria. There are a few things we don't care about when reviewing a theme, plugin, or whatever:

  • Stylistic choices (e.g. they can change whatever CSS they care about and we don't really care)
  • JavaScript/code running in the browser.