I strongly believe the JED and the VEL functions should be more tightly integrated. The VEL's usability and visibility would escalate incredibly with such a change, and adding the VEL as a "feature" OF the JED would allow both teams to have a greater positive impact on the joomla community as a whole.
Currently "vulnerability" information for extensions is not maintained where that extension is most prominently accessed. Instead vulnerability information is stored on the VEL, in a static like format with no connection to the JED listing.
Appending VEL information to a JED listing would mean that the extension has only one record within the Joomla.org family sites, and users would be able to review that extension’s past and current vulnerabilities within the context of the JED, where they most likely found the extension in the first place.
The VEL property is less functional than the JED. Searching, filtering, and ordering are all features that the JED has implemented well. Any record searching utility, like the VEL portrays itself to be, should have these features.
One major reason that the VEL is not part of the JED is because the VEL is able to then “track” non-JED distributed extensions. This is counter productive to the way Joomla has positioned itself to developers.
The community of Joomla decided many years ago to support developers who play by the community’s rules. The VEL is doing a disservice to very intentional decisions the community has made to support our community by tracking non-JED extensions. Joomla.org property sites should not be inconsistent.
The Joomla Install from Web feature, although controversial, is a huge move forward for our community. Yet that feature is less useful, and detrimental to the image and brand of Joomla if it has poorly maintained, but one-click-install accessible extensions on it. Having an extension’s VEL history log within the record would increase usefulness and functionality to install from web users considerably.
Because the VEL has relatively low visibility in comparison to the JED, extension searches on search engines like Google don’t contain VEL information. Extension developers with security vulnerabilities are not held responsible because of this low visibility. By allowing quick and easy access to VEL information from a JED listing page, extension developers will be encouraged to react more quickly, and code more responsibly with security in mind.
Maintaining a Joomla site is a huge amount of effort for any team. Updating extensions, updating Joomla, etc… all require a ton of effort. By removing the VEL, the joomla community allows the VEL team to be more productive with managing VEL information, and spend less time on website maintenance.
Again, we are not 'supporting' the extensions listed in the VEL it has absolutely nothing to do with any decision made in the Joomla community regarding GPL/non-GPL extensions - we are supporting the users. We are not out to 'hold developers accountable', that is not the purpose of the VEL. Your argument that we are somehow disrespecting the community is frankly insulting and ignorant. Note that the VEL is an official Joomla site, hosted on joomla.org, doing what it was set up to do.
Seriously? You clearly have no idea how Joomla teams actually work. I will give you one good reason why it does not make sense: are you going to pay the international travel costs? Plus who is going to pay for our time to do this? We are volunteers, we have our own work already. I have never met anyone in the VEL, in spite of working with them for the past couple of years.
And the suggestion that this is somehow about internal politics is equally insulting. We work hard at something we think is worth doing, and I do my best to stay out of politics. I find your attitude arrogant and offensive.