A more hands on review process
Dirk Mueller
mueller at kde.org
Tue Aug 5 18:50:49 BST 2008
On Thursday 31 July 2008, Stephen Kelly wrote:
> I propose a review process based on review criteria instead of time.
Very good idea :)
> Security
> * The application / library has no obvious security flaws.
It should even be free of non-obvious security flaws. A security audit is,
however, a long and time-consuming process, and it hasn't been done for a lot
of parts of KDE either.
> * Network accessing protocols
> * html entities ('<', '>', "'", '"', '?') are encoded
Let's redefine it as:
* some thought has been put into the design to ensure that potentially
malicious (tainted) data cannot trigger a malfunction or be passed on to other
systems that trust the input.
Greetings,
Dirk