Arjan van de Ven schrieb: > On Wed, 2006-07-05 at 13:50 +0100, David Woodhouse wrote: >> On Wed, 2006-07-05 at 08:02 -0400, seth vidal wrote: > I assume basic security quality is at least part of the review process.. > or I hope it is... No there isn't. In an ideal world there should be one, but there are a lot of others things that aren't done currently that should be done first before we get a step closer to that ideal world. Further: A basic security check would mean that each packager and the reviewer must understand and know the programming language the software he packages is written in. And that's often not the case and would make packaging and reviewing even more complicated (it hard enough already) Heck, it's probably even worse: There are afaik a lot of Extras packagers that simply are no real programmers at all. I for example don't know C or C++, my Java skills are limited, I never found enough time to really dig into python and the only think I understand well is bash -- and that's not a real programming language. It seems to me that a lot of people often forget that. But does that mean that I (and all the other non-programmers) should stop contributing to Extras? >[...] > And if there is really no functional requirements in the spec.. maybe > there should be a second spec/recommendation for functional things? That > could be useful for external projects as well, as a checklist in the > "did we forget anything to be useful to a wide audience" kind of way.. Can't hurt. Cu thl