[maemo-developers] Extras QA checklist
From: Graham Cobb g+770 at cobb.uk.netDate: Thu Oct 29 00:49:18 EET 2009
- Previous message: Extras QA checklist
- Next message: Maemo Flasher-3.5 Tool final release now available
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Wednesday 28 October 2009 18:28:24 Antti Vähä-Sipilä wrote: > > * MUST NOT introduce security risks. > > I'd rephrase "MUST NOT contain known security vulnerabilities" and > "MUST specify a security vulnerability reporting contact point". The second requirement is not reasonable. Many small programs, particularly one-person projects, don't need "a security vulnerability reporting contact point". There is already a maintainer field (mandatory) and the maintainer is the contact point. In fact, I am not even keen to allow an optional security vulnerability reporting contact point as that will mean creating yet another Maemo-specific package control field. And "known" means known by the developer -- no more and no less. Of course, once a tester has found a security bug and reported it, it is known by the developer so that means it cannot proceed until the bug is fixed. Graham
- Previous message: Extras QA checklist
- Next message: Maemo Flasher-3.5 Tool final release now available
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]