Re: Source code
On Mon, 29 Sep 2014, John wrote:
> Hey, just for curiosity, do you guys read all the source code before make it
> available on repos?
With a stretch of definition of 'all', I usually
1. glance/review high level structure/licenses
2. identify if any 3rd party module must go into separate pkg/use
system-wide available; and strip them
3. Depending on the level of trust to the developers, grep for
some obvious malicious activities (etc, passwd, etc)
4. Perform more thorough license/copyright review while also glancing
over the code base (in scientific software it is still way too common
to find snippets from e.g. numerical recipes) . Some times just do
in mc, some times in emacs/dired
5. proceed with packaging
in the next revisions, rely on debdiff to review changes from the
previous upload
--
Yaroslav O. Halchenko, Ph.D.
http://neuro.debian.net http://www.pymvpa.org http://www.fail2ban.org
Research Scientist, Psychological and Brain Sciences Dept.
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419
WWW: http://www.linkedin.com/in/yarik
Reply to: