Packaging guidelines: IPv6
Ralf Corsepius
rc040203 at freenet.de
Wed Jul 5 14:12:31 UTC 2006
On Wed, 2006-07-05 at 15:50 +0200, Arjan van de Ven wrote:
> > Further: A basic security check would mean that each packager and the
> > reviewer must understand and know the programming language the software
> > he packages is written in.
>
> actually only a reviewer....
> well depends on what you want; a general "this looks sane enough" is
> different from a detailed audit.
It's even worse: All FE currently has is an "initial this looks sane
enough" review. Once a package is in FE, there actually is no QA nor
audit on packages at all. Nobody but the package owner is allowed to
change packages. If he doesn't want to listen, nothing will happen,
maintainers have all kind of freedom to commit all kind of stupidities
they want.
> > It seems to me that a lot of people often forget that. But does that
> > mean that I (and all the other non-programmers) should stop contributing
> > to Extras?
>
> absolutely not!
As I've just said in another posting: We need teams of competent people
to deal with dedicated tasks. Security/code auditing would be one
example for such task.
Ralf
More information about the Fedora-maintainers
mailing list