[Debtags-devel] software quality tags?
Erich Schubert
erich.schubert at gmail.com
Wed Sep 7 17:37:24 UTC 2005
Hi,
> This might be too many categories for people to agree on - I don't
> know about anyone else, but I'd never dare apply anything much more
> detailed than a tag indicating "still clearly labelled as not
> production-ready".
We definitely need more.
Apache, bind, samba - these are clearly a different class of
applications than all those new php scripts or new python apps that
are "stable".
We could maybe define it as "application that has been adopted by a
large userbase and in use for more than two years, with different
companies providing commercial support for it all around the world"
> > but also a tag for "audited".
>
> Watch out for bitrot - a network server audited last year isn't
> necessarily safe against next year's worms.
Still, software that was audited is less likely to contain security
holes than all those php scripts out there that no one ever audited. I
think that we have *many* apps in Debian that were never audited.
Maybe we should make that more tags, like "audited by debian", "EAL5+"...
best regards,
Erich Schubert
--
erich@(mucl.de|debian.org) -- GPG Key ID: 4B3A135C (o_
To understand recursion you first need to understand recursion. //\
Where friendly paths converge, the whole world looks like home V_/_
for an hour. --- Herrmann Hesse