[Debtags-devel] software quality tags?

Erich Schubert erich.schubert at gmail.com
Wed Sep 7 17:37:24 UTC 2005


Hi,
> This might be too many categories for people to agree on - I don't
> know about anyone else, but I'd never dare apply anything much more
> detailed than a tag indicating "still clearly labelled as not
> production-ready".

We definitely need more.
Apache, bind, samba - these are clearly a different class of
applications than all those new php scripts or new python apps that
are "stable".

We could maybe define it as "application that has been adopted by a
large userbase and in use for more than two years, with different
companies providing commercial support for it all around the world"

> > but also a tag for "audited".
> 
> Watch out for bitrot - a network server audited last year isn't
> necessarily safe against next year's worms.

Still, software that was audited is less likely to contain security
holes than all those php scripts out there that no one ever audited. I
think that we have *many* apps in debian that were never audited.
Maybe we should make that more tags, like "audited by debian", "EAL5+"...

best regards,
Erich Schubert
--
    erich@(mucl.de|debian.org)      --      GPG Key ID: 4B3A135C    (o_
  To understand recursion you first need to understand recursion.   //\
  Where friendly paths come together, the whole world looks like    V_/_
        home for an hour. --- Hermann Hesse


