[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [MirageOS-devel] [RFC] package hardening

On 21/07/2017 11:01, Thomas Gazagnaire wrote:
Hi there,

I've opened https://github.com/mirage/mirage-www/pull/562 for a proposal to improve the 
general quality of MirageOS packages, e.g the "package hardening" proposal. The 
idea is to have a list of criteria that we would like to have for feeling confident about 
the quality of a package, which would eventually lead to a tool checking this (but 
obviously we need to agree on the list first).

I would love to hear feedback on this, so feel free to comment, especially if 
you disagree :-)

LGTM! I made a few comments with minor spelling/wording things.
I'm not sure about the use of the word "hardening" though-- that has security connotations for me. Would "Package Quality Assurance" or something be better? (Since it seems most of these proposals are about quality.) Perhaps also make explicit ref to Dave's post about using topkg, jbuilder, etc? And nominate an exemplar package or two that embody these proposals?

Richard Mortier

MirageOS-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.