[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

what about an special QA package priority?

Hi list,
	I was thinking about the Debian/OpenSSL debacle. Clearly it not easy to 
manage a hard meticulous QA process in all packages. In the other hand, there 
are packages more critical than others, which are more delicate to security.
	Sometimes, those packages have different priorities in the policy meaning. 
Maybe we can implement this as an Optional header in the control.
	The point is: if we can create critical QA category for delicate packages in 
the security sense we can have mandatory QA requirement. For example:
 - It should be checked with debugging tools (like valgrind :P)
 - It should maintained by a team
 - It should a public VCS
 - Its patches should be sign-off by reviewers (Raphael Hertzog (hertzog@) 
proposed something like this)

	You can extend or reduce this list. We can discuss about the implementation. 
But I mainly want to know your opinion.
	Please, paste the URL if you discussed this in the pass.


Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: