On Tue, Sep 26, 2017 at 05:30:50PM +0200, Emmanuel Seyman wrote: > > That may be fine for any packagers who are actually paid to package > > (though even then I would have my doubts that every line of source has > > been checked), but it is clearly an impossible task in terms of time > > required for all the volunteer packagers. > The solution in this case is to not volunteer to do things you are > not able to do. We don't require volunteers to do a through line-by-line code audit. That's not reasonable. We by necessity put some trust in our upstream communities (and by the same token, we don't take ownership of upstream problems, although we certainly try to get the best fixes for our users). Package maintainer responsibilities are outlined here: https://fedoraproject.org/wiki/Package_maintainer_responsibilities -- Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> Fedora Project Leader _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx