I said a while back when the plans for for 1.5 were released that I didn’t think it was a good idea. Yeah it's great ZC will be the first open source free cart system that will be PCI Certified. But that surely sets a precedent for all ZC versions, 1.5a … 1.5k … 1.6.3b ...1.9.9z. Or whatever the version numbers are that will come.
If the devs don't mind maintaining this additional millstone around their neck, then it's great for the ZC community, brand, product and a brilliant idea. But as Vger pointed out, it is only the big players that offer PCI certified versions. I would imagine that is a resource hungry process, possibly the reason behind the ZC financial restructuring?
Is this PCI Certified move an attempt to attract big multimillion pound/dollar/euro companies into the fold of ZC? I believe many have 1.3.9h PCI certified up to level 3? I personally would like to think that once my online stores moved into the requirements of PCI level 2 certification I would either be retired and out of the 'hands on' online side, or be able to employ an in house team, using either a bespoke system or Magento Enterprise as the core.
Almost all decent add-ons are now broken, which isn’t a problem if the add-on developers can rewrite them to suit 1.5. But more critically, are the bosses in charge of ZC going to implement a system that all add-ons for 1.5 must pass / not break PCI Certification. Otherwise, many peoples ZC site will not be PCI certified. And a standard 'out of the box' ZC install lacks too many features of other 'out of the box' installs from rivals, thus many add-ons are required to provide a modern dynamic online business.
While I think the 1.5 security focused rewrite is a good idea to force better security procedures, like Mr Kuroi's Admin Profiles system, I cannot help but wonder if better time, effort, money and energy would not be better placed on the development of 2.0? Unless, as I stated many many months ago, is this a means of giving a few years breathing space for the release of 2.0? As all add-ons etc will have to be rewritten from the ground up for 2.0
Sorry, I know many will disagree, but I can't help but feel that the focus to be PCI certified is pissing into the wind.
You may now open fire.
Bookmarks