
Re: Support for insecure applications


On Fri, 12 Feb 2021, Carles Pina i Estany wrote:
> When I was discussing this with a friend I had thought if Debian could
> make available and visible for the users some metrics, contextualised in
> similar (per functionality) packages:

That would certainly be useful to expose, yes!

But many things that you are listing really relate to "best practices"
for well run open source projects and there's at least one initiative to
formalize those:

And you can get a badge/label. It would certainly make sense for us
to forward that kind of information to our users so that you can find
out which of the software that you're looking at have made the effort to
be structured according to best practices.

But we're getting away from the initial topic which was really focused on
the security aspect.

> May I ask: how do people choose (security wise or in general) between
> packages for a certain task? Could this be automated? Part of the

I do it a bit like you, I have no formal process.

  ⢀⣴⠾⠻⢶⣦⠀   Raphaël Hertzog <hertzog@debian.org>
  ⢿⡄⠘⠷⠚⠋    The Debian Handbook: https://debian-handbook.info/get/
  ⠈⠳⣄⠀⠀⠀⠀   Debian Long Term Support: https://deb.li/LTS
