> On May 21, 2016, at 5:44 PM, Robin Sommer <ro...@icir.org> wrote: > > As I read through the design doc, I started questioning our plan of > curating CBAN content. I know that's what we've been intending to do, > but is that really the best approach? I don't know of script > repositories for other languages that enforce quality control on > submissions beyond checking technical conventions like certain meta > data being there.
I think there is a broad spectrum from no interaction to vetting and pulling into the main repository. It is about finding the right balance. I agree with minimal restrictions that block submissions. There needs to be some basic quality control and standardization there. For example, do you have all the right pieces. I do think there is another level of non blocking checks and quality control we can provide. For example, we can do checks for exec calls and give warnings to users. I think Puppet Forge has a nice model here. We won't block a submission, but these checks encourage better development and help new users trust submissions. That said, I think these must be automated. They can't block on a human reviewing them. Finally, I think we need a way to let the whole community endorse scripts or script authors. _______________________________________________ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
