From kde-core-devel Tue Aug 05 17:50:49 2008
From: Dirk Mueller
Date: Tue, 05 Aug 2008 17:50:49 +0000
To: kde-core-devel
Subject: Re: A more hands on review process
Message-Id: <200808051950.50014.mueller () kde ! org>
X-MARC-Message: https://marc.info/?l=kde-core-devel&m=121795874307138

On Thursday 31 July 2008, Stephen Kelly wrote:

> I propose a review process based on review criteria instead of time.

Very good idea :)

> Security
> * The application / library has no obvious security flaws.

It should even be free of non-obvious security flaws. A security audit is,
however, a long and time-consuming process, and it hasn't been done for a lot
of parts of KDE either.

> * Network accessing protocols
> * html entities ('<', '>', "'", '"', '?') are encoded

Let's redefine it as:

* some thought has been put into the design to ensure that potentially
  malicious (tainted) data cannot trigger a malfunction or be passed on to
  other systems that trust the input.

Greetings,
Dirk