A heated Twitter debate is under way over what Magento should or should not allow in the new, updated Connect, and it was started by Magento themselves.
The plans are that new Magento Connect will focus on the quality of extensions listed and will, ultimately, become a much more merchant- and developer-friendly place where everyone around Magento ecosystem will run to, not from.
The biggest question seems to be – should encrypted Magento extensions be allowed? Let’s check the story behind it, pros, cons, and in-betweens and try to come up with a solution, or figure out what Magento will decide.
So, what’s the whole fuss about?
If you’re not that familiar with Magento Connect (really? so what are you doing here exactly?), it started out as a Magento “app store”, or a place where anyone involved with Magento implementations can find extensions that will give them that extra piece of functionality needed on top of already a robust system that is Magento.
The issue with it, as it was with Android Market as opposed to App Store, was that developers were able to publish any type of extension without any scrutiny, quality or security check – and you can imagine the “diversity” we had there.
Working directly with merchants as a Solution Partner, you can imagine the things we came across and the stories our developers can share – dozens (in some instances hundreds) of extensions installed, completely messed up installations, websites that we had no idea how they’re still holding up.
With that said, we have used a number of high quality extensions and recommended a lot to our clients as there are plenty of great extension development companies out there who also offer top level support.
Open source, you say? We don’t think so.
Now, this is all good for “standard”, OSS extensions – but, there are some players in the Magento ecosystem who decided to go an extra mile with protecting their IP and have decided to encrypt their extensions – there are several ways to go about this, and one widely used, and such that most discussions are in fact about, is by using ionCube.
What this encryption does is protect certain files within a software (in this case a Magento extension) from being accessed and, ultimately, modified.
And that, my friends, is what open source community doesn’t like 🙂
Imagine a developer whose job and passion is solving problems. Now imagine that developer running into an ionCubed extension on a client’s site. Now imagine the frustration if that particular extension is causing an issue with the site and he can’t do anything about it.
Now imagine, on top of all that, a merchant who opted to go with Magento because it was open source and because the usual sales pitch is that you are free to modify it in any way and that you have a vast community of quality partners who can help you out.
But hey, there’s always support, right?
Yes and no. Granted, there are some companies that provide excellent support around their encrypted extensions and they can work together with solution partners and merchants. And there are those who can’t or simply don’t. And then everyone is stuck.
It started with a tweet…
The most recent debate was started by a tweet from Tanya Soroka, one of Magento’s product managers. And Magento should know by now that once you ask for opinion from a very vocal community, that’s exactly what you’re going to get.
As you can imagine, the discussion(s) quickly took a lot of twists and turns and it’s kind of difficult to keep track of everything that’s being said. So, I tried to sum it up.
Pros, cons and in-betweens
The majority of the recent controversy stems from two main “philosophies”, at least how I see them:
- Magento is open source, and should promote open source across its entire ecosystem (because it’s also a way to ensure no-one gets stuck with any particular vendor, beating the entire open source concept)
- Magento is a business and it should do what it deems necessary to ensure the majority of their stakeholders are happy, and basically let the market decide (and since the ecosystem around it has grown well beyond development companies, can’t we all just get along?)
Now, these two don’t need to be in a complete mismatch, but there are strong feelings from developers, solution partners, and many industry partners as well that encryption simply doesn’t play to anyone’s best interest (other than those encrypting the extensions, of course). The feelings around this option are in my mind stronger as they take into account the whole idea of the open source and the community, and bring it to a higher level.
Those opposing such an opposing attitude from an open source community do raise a valid point when they say that a community around Magento used to be (and should be) a little more inclusive. They say we shouldn’t force someone out of play just because they decided to protect their IP in a certain way. And they argue that ultimately the merchants will decide and move away from such providers who do not give them the proper support. This position is more business- and not community-driven.
Should this discussion really be about Unirgy?
Many people have mentioned Unirgy as a shiny example of good support and encryption that only covers a handful of files. And we’ve been in touch with them on several occasions and can confirm they are professional, responsive and willing to assist.
And I believe this is where most problems arise – everyone mostly mentions Unirgy – what about others? Are they the only ones who provide encryption AND good support? If so, we really do have a problem.
How shall Magento proceed?
First off, it’s great that they are including the community about a lot of new decisions they are making, especially around Magento 2. And this can, of course, be a double-edged sword with any business.
The product leadership should have a clear vision and strategy once they do take into account all different opinions, and I hope, actually I do believe the current team calling the shots around Magento product understands this.
Let’s face it, if they hadn’t asked this question and simply continued allowing all types of extensions, I don’t think there would have been so much fuss about this – yes, the developers and many solution partners, even merchants, would continue to be frustrated, but now this frustration can only get amplified is this policy remains unchanged.
There is already an “alternate” path many have suggested, and that would be that Magento allows encrypted extensions to be listed on Magento Connect, but ONLY after they have been
- submitted unencrypted
- scrutinized and approved by Magento
- encrypted by Magento themselves
And since this option is advocated by some Magento people themselves, this is probably the way they will proceed – I would only ask for regular checkups of the support level and quality of support such authors are providing. They should be placed under additional scrutiny since they are not playing by the open source rules and this should be very clear to everyone.
As for our two cents, we don’t prefer those in-between solutions that try to make everybody happy as they usually end up making everybody feel the opposite.
We would prefer Magento takes this up as an opportunity to strengthen its position as an eCommerce open source leader and stand as an advocate for a true open source ecosystem.
Everyone can still offer their solutions via other channels, but if Magento Connect is looking to be a creative platform for developers and something as close to a safe haven for merchants as possible, we see it happening only with OSS written all over it.
After all, Magento isn’t using any encryption for their product themselves and they’ve created a business model around it.
So, what’s your take? Feel free to share and let some steam off before the decision is made 🙂