On 28/07/2017 05:54, Steve - Gadget Barnes wrote:
On 28/07/2017 00:27, p...@getaroundtoit.co.uk wrote:
S, (Andy and Mike)
Yes, you've hit a couple of pertinent points; and it might make for an
interesting project.
However, I was looking for a check-list or similar which I can give to
the pertinent dev.teams to ensure that they are 'covering all the bases'
- whereas the question: "have you checked 'everything'?" produces a
rather predictable response.
I'm thinking someone wiser than I will have written these things down -
just can't find such...
As a starting point, my personal mini-checklist, for considering
including packages:
1. Licensing: Is the project only ever going to be internal? If there is
any chance of it's being included in a commercial deliverable then the
licence and all of it's dependencies must be "Apache or better" and have
a chart of the acceptable permissive licences vs. usage. Basically the
licences that we generally have green flags for are MIT, BSD, CC-BY,
MMS-PL & PSF. With some yellow flags on Artistic/Perl & Apache.
2. A quick look at the project repository for indications of activity
such as recent check-ins, outstanding tickets, age of pull requests,
discussion levels & tone on tickets. (Call this an abandonware check).
3. The reputation, on-line & off, of the authors & maintainers.
4. Is it hosted on a host that hasn't announced its own demise.
5. Test coverage &/or Coverity
6. Do the requirements look reasonable for the nature of the package,
e.g. I wouldn't expect network or server type dependencies in a screen
shot package.
7. Ditto the imports
8. If there are none-Python elements are they about what I would expect,
i.e. things that you would expect performance issues with?
9. Support for Python 3 & 2 or at least a clear statement.
All of the above are good
You could also use the following to check for known vulnerabilities
https://www.openhub.net/explore/projects
Patrick
_______________________________________________
python-uk mailing list
python-uk@python.org
https://mail.python.org/mailman/listinfo/python-uk
