On Wed, 2006-07-05 at 15:50 +0200, Arjan van de Ven wrote:
> > Further: A basic security check would mean that each packager and the
> > reviewer must understand and know the programming language the software
> > he packages is written in.
>
> actually only a reviewer....
> well depends on what you want; a general "this looks sane enough" is
> different from a detailed audit.

It's even worse: All FE currently has is an "initial this looks sane enough" review.

Once a package is in FE, there actually is no QA nor audit on packages at all. Nobody but the package owner is allowed to change packages. If he doesn't want to listen, nothing will happen; maintainers have all kinds of freedom to commit all kinds of stupidities they want.

> > It seems to me that a lot of people often forget that. But does that
> > mean that I (and all the other non-programmers) should stop contributing
> > to Extras?
>
> absolutely not!

As I've just said in another posting: We need teams of competent people to deal with dedicated tasks. Security/code auditing would be one example for such a task.

Ralf