
Re: what about an special QA package priority?


On Tue, 2008-05-20 at 17:21 -0300, Luciano Bello wrote:
> Hi list,
> 	I was thinking about the Debian/OpenSSL debacle. Clearly it is not easy to 
> manage a hard meticulous QA process in all packages. On the other hand, there 
> are packages more critical than others, which are more delicate to security.
> 	Sometimes, those packages have different priorities in the policy meaning. 
> Maybe we can implement this as an Optional header in the control.
> 	The point is: if we can create a critical QA category for delicate packages in 
> the security sense we can have mandatory QA requirement. For example:
>  - It should be checked with debugging tools (like valgrind :P)

Isn't valgrind how we got into this mess to begin with?

>  - It should be maintained by a team
>  - It should have a public VCS
>  - Its patches should be signed off by reviewers (Raphael Hertzog (hertzog@) 
> proposed something like this)
> 	You can extend or reduce this list. We can discuss the implementation. 
> But I mainly want to know your opinion.
> 	Please, paste the URL if you discussed this in the past.
> luciano

I think for critical packages, valgrind prettiness isn't something to
care about (unless the interest is generating suppressions).

