"No Sender" is a module that suppresses the inclusion of a Sender header on outgoing email. The main purpose is to avoid the often-unsightly "Sent by [sender header] on behalf of [from header]" style messaging that some mail clients show when there is both a Sender header and a From header. drupal_mail() always sets the former to the site email address, while the latter can often be a dynamic value populated by Webform and the like. In many cases, with support from relevant email RFCs, it's desirable to have only a From header.
Project page: https://www.drupal.org/project/nosender
git clone --branch 7.x-1.x https://git.drupal.org/project/nosender.git
cd nosender
I have not yet had a chance to participate in the Review Bonus program, but I am otherwise active in the community with a relatively solid understanding of web security. Being a trivial module, I understand if this is insufficient for the vetted role to be granted, but please do consider things like adherence to Drupal coding standards in this small sample.
Thanks,
Mike
Comments
Comment #2
mforbes commentedComment #3
mario steinitzJust some (semi-)automated tests:
Git errors:
Review of the 7.x-1.x branch (commit 80599bd):
Comment #4
mforbes commentedThanks for the quick turnaround, Mario.
I unfortunately ran into some environment issues installing PAReview.sh and its dependencies myself (macOS; will try again on Ubuntu), and the online version prominently linked from Coder's project page seems to be registered but not currently resolving.
The fixes are committed now. I had considered tests, but concluded that a lack thereof would be acceptable due to the trivial nature of the module combined with the fact that a good test involves receiving email (not something a headless browser engine might do).
Comment #5
mario steinitzYes, the PAReview.sh service is currently down. I'm working on a refurbished solution for it and was using your application for testing the script. - Feel free to open an issue in the PAReview.sh issue queue for your installation problems.
Comment #6
mario steinitzAltered git clone command to be used by non-maintainers.
Comment #7
mario steinitzAnd this is the result of the current check. The module documentation needs some fixes.
Review of the 7.x-1.x branch (commit aca8d45):
hook_help(). See https://www.drupal.org/docs/develop/documenting-your-project/module-docu... .This automated report was generated with PAReview.sh, your friendly project application review script.
Comment #8
mforbes commentedI precisely followed some other conflicting documentation on building my README.txt:
I don't believe it's right for https://www.drupal.org/docs/develop/documenting-your-project/module-docu... to use the word "should" if opting out yields reverting to "Needs review" status. Let's replace "should" with "must" on that page if that is the case! Or if not "must," then at least "should -- if you want security coverage!"
Please don't get me wrong, I am a strong believer in standards and clean code; I am happy to use the template if that is expected. "Should" is just an awkward way to set expectations that are then enforced.
Comment #9
mforbes commentedSimilarly, https://www.drupal.org/docs/develop/documenting-your-project/module-docu... goes on to say "All but the most trivial modules should implement hook_help()."
Not only is "should" used, but even if it were "must" instead, this module is almost certainly one of "the most trivial modules," no?
I can certainly fix both of these issues with this module, but I can't help but voice my concern that the documentation on what is expected should (hah!) be as forceful as the review process.
Comment #10
mforbes commentedAddressed README.txt and hook_help() issues. See comment #4 regarding tests. Anything else you think this needs please let me know! Thanks.
Comment #11
mario steinitzOk. Let's say the interpretation on whether there is a need for hook_help() or not is kind of fuzzy (and obviously also dependent on the final reviewer). The review suggestion to adding it comes up a lot of times. - Personally, I'd say it doesn't hurt adding it and definitely should be considered best practice for any matured module. (Probably we really have to ask within the best practices group to finally make sure.)
However, with the README we have an explicit requirement for Security Advisory Coverage in https://www.drupal.org/node/1587704, Section 5.3:
I don't know what was first, the project page template or the README documentation that suggests using the content of the project pages. But Security Advisory Coverage want's you to use the README template, as it's the most recent agreed on schema (even it differs from the project page template).
Comment #12
mario steinitzReviewed and did not find any further issues. (It's a small module anyway.)
Comment #13
mforbes commentedAh, that makes sense. Hooray, RTBC!
Comment #14
mforbes commented"awaiting response from a reviewer for 2+ weeks"
Comment #15
mario steinitzWelcome to the club. ;) - No honestly, the final reviews take a long while to being processed. The Git admins seem not to being too active with final reviews or just too busy with other tasks. A final review includes checking the entire code base for obvious flaws, probably installing it on a test environment, and finally agreeing that the developer met all QA requirements. Above semi-automated checks and manual community reviews are just the first stage to not letting them have to start with low-quality code.
Sometimes there are batch accepts to clean the queue. Otherwise we just need to be patient till one of the admins has enough spare time to spend on the final review.
PS.: After a decent enough waiting time (a month+), you may gradually increase the priority of your issue. It might help in RTBC status. And meanwhile feel free to review other module applications for RTBC suitability.
Comment #16
mforbes commentedYep I get it, no problem at all. Just going through the motions, following the guidelines at https://www.drupal.org/node/539608 -- they say Major at 2+wks (Critical at 4+wks) but are you saying I should've waited until a month+ for Major despite the guidelines?
Comment #17
mforbes commentedAha! After re-reading the guidelines, that 2wk/4wk timeline is only for issues in "Needs review" status, not RTBC... I somehow missed that bit. Back to normal.
Comment #18
rajveergangwarHi,
Its better to have maintainer email id and name in README.
Module looks good for me
RTBC+
Comment #19
mforbes commentedThanks for the review!
https://www.drupal.org/node/2181737 says "This section is optional" regarding maintainers. The template ought to say "You should have this section" if having it will be recommended. If I dissent on a "should," having a discussion is great and I would be hard-pressed to argue my position; if I omit something that is "optional," isn't that perfectly agreeable?
Comment #20
rajveergangwar@mforbes
Yes, it is optional, But if you put your email id or profile link, so users can directly contact to you.
The module is working perfectly. Nice job
Comment #21
avpadernoThank you for your contribution!
I am going to update your account so you can opt into security advisory coverage now.
These are some recommended readings to help with excellent maintainership:
You can find more contributors chatting on the IRC #drupal-contribute channel. So, come hang out and stay involved.
Thank you, also, for your patience with the review process.
Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.
I thank all the dedicated reviewers as well.
Comment #22
avpadernoComment #23
mforbes commentedThanks kiamlaluno!