
Re: Source code



On Mon, 29 Sep 2014, John wrote:
> Hey, just out of curiosity, do you guys read all the source code before making it 
> available on repos?

With a stretch of the definition of 'all', I usually

1. glance/review high level structure/licenses

2. identify whether any 3rd-party modules must go into a separate pkg / use
   the system-wide available ones; and strip them

3. Depending on the level of trust in the developers, grep for
   some obvious malicious activities (etc, passwd, etc.)

4. Perform a more thorough license/copyright review while also glancing
   over the code base (in scientific software it is still way too common
   to find snippets from e.g. Numerical Recipes). Sometimes I just do it
   in mc, sometimes in emacs/dired

5. proceed with packaging

In the next revisions, rely on debdiff to review changes from the
previous upload.

-- 
Yaroslav O. Halchenko, Ph.D.
http://neuro.debian.net http://www.pymvpa.org http://www.fail2ban.org
Research Scientist,            Psychological and Brain Sciences Dept.
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
Phone: +1 (603) 646-9834                       Fax: +1 (603) 646-1419
WWW:   http://www.linkedin.com/in/yarik        
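A minimal shell version of steps 1 to 4 above, added here as an example and not taken from the original thread or from any Debian tooling; the vendor directory names and grep patterns are assumed starter lists, and the sample source tree is constructed in a temp directory so the script runs offline.

```shell
#!/bin/sh
# Added example: a small pre-packaging source audit in the spirit of
# steps 1-4 (licenses, bundled 3rd-party code, grep for obvious nasties).
set -eu

# Step 2: directory names that commonly hold copies of third-party code
# (assumed starter list, extend per project).
VENDOR_DIRS='vendor third_party thirdparty external bundled'
# Step 3: patterns that warrant a manual look (assumed starter list).
SUSPICIOUS='/etc/passwd|/etc/shadow|base64 -d'

# Print license files, likely vendored directories, and grep hits.
audit_tree() {
    tree=$1
    echo "== license files (step 1/4) =="
    find "$tree" -type f \( -iname 'LICENSE*' -o -iname 'COPYING*' \) | sort
    echo "== possibly vendored third-party code (step 2) =="
    for d in $VENDOR_DIRS; do
        find "$tree" -type d -name "$d"
    done | sort
    echo "== lines to review by hand (step 3) =="
    grep -rnE "$SUSPICIOUS" "$tree" || true
}

# Number of files containing a suspicious pattern (0 when none).
count_hits() {
    grep -rlE "$SUSPICIOUS" "$1" | wc -l | tr -d ' '
}

# Constructed sample tree: one license, one vendored NR-style file,
# one source file that opens /etc/passwd, one clean file.
make_sample() {
    dir=$(mktemp -d)
    mkdir -p "$dir/src" "$dir/third_party/nr"
    printf 'GPL-3\n' > "$dir/COPYING"
    printf 'double gammln(double xx) { /* NR style */ }\n' > "$dir/third_party/nr/gammln.c"
    printf 'fp = fopen("/etc/passwd", "r");\n' > "$dir/src/users.c"
    printf 'int main(void) { return 0; }\n' > "$dir/src/main.c"
    echo "$dir"
}

# Stand-alone run: build the sample, audit it, clean up.
sample=$(make_sample)
audit_tree "$sample"
rm -rf "$sample"
```

For later revisions, the same idea is what debdiff gives you for free: run it against the previous upload and read only what changed.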
