One of the things zzolo talked about in his post was formalizing the code review process. Under that heading, he included describing the basic steps of the process and the outcomes of these steps. I put together an outline of basic steps, but I would like to get some feedback before putting it on the wiki.
Basic Steps
I've divided basic steps into two categories, based on the level of expertise required to get the job done right.
Initial Review
These are steps that can be performed relatively easily, do not require a high level of technical expertise, and should be completed before technical review.
Functional review
Make sure the module functions as advertised, i.e., download, turn it on, see if it works. What do people think about asking authors to use Simple Tests? Would that create a scenario where the reviewer needs to check that the tests were done right?
License review
- Make sure license text is present and not different from GPLv2.
- Check files for other non-GPL content. I saw in the documentation that image files and 3rd-party libraries were mentioned. Does anyone have any other examples of non-GPL content?
- TODO Put this link or link to the plain text file somewhere prominent on the instructions page. I found it somewhere on Drupal.org but can't put my finger on it now.
Module duplication review
- Determine category where the module is listed.
- Search for similar modules.
- Does anybody else think it makes sense to ask the author what category his module is listed in, to provide a list of similar modules, and explain what is different about his/her module? I'm thinking - checklist.
Technical Review
These steps require a higher level of technical expertise.
Security Review
- TODO - looking for some specific suggestions from more experienced developers
Coding Standards & Best Practices Review
Coder module is available to help with this. Does it make sense to ask the author if he has used it, or run it through yourself, or just bite the bullet and read the code?
- TODO - other
Documentation review
This may be a sub-category of Best Practices.
- check for README.txt and read it
- review Doxygen style code comments