List:       kde-core-devel
Subject:    Re: A more hands on review process
From:       Dirk Mueller <mueller () kde ! org>
Date:       2008-08-05 17:50:49
Message-ID: 200808051950.50014.mueller () kde ! org

On Thursday 31 July 2008, Stephen Kelly wrote:

> I propose a review process based on review criteria instead of time.

Very good idea :)

> Security
> * The application / library has no obvious security flaws.

It should even be free of non-obvious security flaws. A security audit is, 
however, a long and time-consuming process, and it hasn't been done for a lot 
of parts of KDE either.

> * Network accessing protocols
> * html entities ('<', '>', "'", '"', '?') are encoded

Let's redefine it as:

* some thought has been put into the design to ensure that potentially 
malicious (tainted) data cannot trigger malfunction or be passed on to other 
systems that trust the input.


Greetings,
Dirk