[maemo-developers] Extras QA checklist
From: Antti Vähä-Sipilä avs at iki.fiDate: Wed Oct 28 20:28:24 EET 2009
- Previous message: Extras QA checklist
- Next message: Extras QA checklist
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> * MUST NOT introduce security risks. I'd rephrase "MUST NOT contain known security vulnerabilities" and "MUST specify a security vulnerability reporting contact point". This would take the ambiguity out of a security *risk* (almost nothing is risk-free). Vulnerabilities, however, are more tangible. There is, of course, still a class of vulnerabilities that could result in a debate, but much less so than when talking about risk. "Known" is also tricky - known by whom? - but it could suffice, as if anyone who is actually involved in this QA checking "knows", it would trigger this. The contact point would usually be an email address and perhaps an associated GPG key, but the bug tracker could also suffice if the project is really keen on full disclosure. - Antti
- Previous message: Extras QA checklist
- Next message: Extras QA checklist
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]