Questions about reviews

Add-ons addons.mozilla.org
1

Hi there,

A few questions about reviews.
I have 3 modules in addons.mozilla.org and for the three of them I use grunt to reduce weight of css and js files and being able to use Sass.
I had no problem until soon.

But since a few weeks someone decides to review one of my module. Good.
Problem he had no idea of grunt or Sass, so I spend a coupe of hours to explain him how to set it up and how it works (there was explaination in readme file). Once done he suddently stopped to send messages and did not set also the addon as confirmed. I guess the only thing he wanted was to read my code to see how it works and use it later.

So, another personn decided to review it. Good.
This time the personn we able to set up grunt by his own and to get a compressed js file.
But it seems he didn’t get exactly the same compressed js file as mine. I guess this is totaly possible has he surely did not use the same OS or version of grunt as mine.
But the only thing I get was his compressed version of the js and a mail asking me to fix the problem.
Did you ever try to compare two compressed js file ? This is a non-sense.
And I get a week to answer.

As my module is totally free, made on my free time and used by 60 people only, and I have a real job, I’m sorry but I couldn’t answer to his impossible request in one week. Are we allowed to have personal life ?

So he set the module as rejected, and now users can only access to an older version. Which is again a non-sense because it uses the same technos and it is juste the same addon with less fonctionnality and obviously more bugs.

So my question is, what I’m supposed to do ? Upload a new version with no changes and hope that nobody will review it ? Or leave it as it is ?

I don’t understand how the addons store can grow with this kind of reviews. More, the two peoples that have review the addon have empty mozilla profiles with no addons for the second one, and one addon with 20 user for the first one. Can anyone review a module and reject it ?

Once the addon rejected you can’t speak with them anymore. I guess this is a very bad way to manage reviews and I thing I’ll drop my module under mozilla and only maintain the chrome version, as I can’t spend hours to explain how grunt works to anyone.
I’m quite disapointed as I recently moved back from Chrome to firefox and was excited to made my existing chrome addons working on firefox.

If someone here or at mozilla can explain me, what I’m supposed to do as I won’t compile my js file under every possible OS to see why two version of the same file are distinct.
Should I drop my module ?

Thanks for your advices.

Fyi :
Here is my module : https://addons.mozilla.org/fr/firefox/addon/muanalytics/
Here are the profile of the personn who made the review, maybe they can explain themselves here :
https://addons.mozilla.org/fr/firefox/user/ralucaS/
https://addons.mozilla.org/fr/firefox/user/AndreeaNeamtiu/

Pd: Hope my english is not too bad, as i’m french.

2

It is entirely possible to make reproducible minfied files with grunt or any other JS build tool and affiliated minifaction tools for JS, HTML or CSS.

A few tips:

  • Ensure you don’t include a header in the minified files that includes things that change, like dates
  • Include the node_modules in the bundle you upload or include a package-lock and recommend to use npm ci, so exactly the same packages are used by the reviewer

Further, reviewers that review extensions with bundles are always special reviewers, so called admin reviewers.

Also, it seems you are asking for your extension to be disabled completely instead of just having to re-submit the update with a reproducible build?

3

Hi Martin,

Thanks for your quick answer.
I will upload a new version with no changes, as I have none to make, but with the node_modules folder for the reviewers. I don’t mind re-submit a version with a reproducible build, but I’m afraid that reviewer won’t be able to get exactly the same code as mine again, and I will have to do resubmit again and again.

I’m glad to learn that extensions with bundles are reviewed by special reviewers, even if in my case the very first one had really no idea of what is grunt. It explains why I get a second reviewer.
I think reviewers must have to fullfill their profile, as it is very weird to be reviewed by someone who seems to have never created a module.

Obviously I don’t ask for my extension to be removed (I’d have done it by myself) but If the point to reject my last version is because reviewer can’t be sure that compressed js does not include bad code, he should have to review the previous version. Else for security reasons I don’t see the point of the review.

My only goal here is to understand how things work, and get my extension approved, even if only a few people actually use it.

But as I think that review process is a bit complex for a free, free time made extension, I do prefer to let it know and talk about it, than drop my extension developement. Maybe my experience can make things easier for a next time.

4

There is another option, especially since your extension seems to have a limited number of users.

You can submit it as as unlisted, so it is signed, and distribute it on your own.

5

It could be a solution if I can’t have the extension accepted.

Before that, as everyone, as the purpose of every app, the goal is to make the extension as easy to find as possible. So if it can stay on the mozilla addons store, better.

6

Hello All,

I have a few comments to consider. First of all, it is best to concentrate all conversations around review messages using the review tools. If we discuss specifics here, it will not be reflected on the reviewer tools and other reviewers may miss the message.

  • We require sources to be reproducible. 7 days may not seem like a lot, but without reproducible sources we cannot verify that the code matches our policies.
  • Once an add-on is rejected, you can continue to respond and the messages will be reflected in the reviewer tools.
  • If older versions were not rejected that minify/obfuscate/concatenate the same way, this was probably overlooked. We usually reject all affected versions.
  • That you got a different reviewers is probably a pure coincidence. Note that the instructions need to be straightforward, a target that executes the dist build without requiring whitespace changes and grunt watch would be preferable. Especially since you suggest to change files, this will also change the outcome of the build.
  • As mentioned, it is entirely possible to match sources with npm et al. Make sure you have a package lock file which allows us to use the same versions
  • Attaching the node_modules folder is not helpful, otherwise we’d have to review all those files. Please keep the sources clean and use a locking file instead.
  • Please note that our polices apply to self-hosted (formerly called unlisted) add-ons as well, so suggesting to move it there won’t really solve the problem.
  • In line with our community participation guidelines, please do not assume gender. Keep it neutral, or be sure you are right.

I know this is a lot of info to process, I’m sorry it came out so long. I guess the short version is, make sure you have reproducible sources, there is a way. We are happy to take another look.

1 Like
7

That’s true, I didn’t not think this will be a problem in the first place. I’ve send a message to the reviewer to tell him can run a simple “grunt” from the command line to compress files whitout having to modifiy them.

Ok, did not do that intentionaly, so sorry if I hurt someone. As I said, I’m not a english native speaker so I try to do my best to be comprenhensible.

Anyway, the reviewer has answered me on the review page, I’ll try to upload a more detailled version with lock on versions.