It's not how free software works, but there are some interesting projects 
working on (distributed, not centrally managed) code review systems that are 
kind of similar in spirit to what OP describes.

https://github.com/crev-dev/crev
https://github.com/crev-dev/cargo-crev
https://mozilla.github.io/cargo-vet/

That is, individuals and organizations can publish the results of their code 
audits publicly in a standardized format, tied to a package artifact, and a 
downstream consumer could denote which individuals and organizations they trust 
to perform said audits. 

It's technically possible and not an entirely ridiculous idea; it's just 
economically challenging.  How do you find enough people willing and able to 
audit a package (including e.g. autotools build scripts), in multiple, to the 
level of scrutiny that would be required to catch something like this?
--
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

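As an added illustration of the trust model the post sketches (this is example code written for this page, not code from crev or cargo-vet): audit records are bound to the digest of the exact artifact reviewed, the consumer chooses which auditors to trust and how many must agree, and an audit from an untrusted party, or of different bytes than the ones being built, never counts. The record layout, the "full vs. delta audit" chaining rule (loosely modelled on how cargo-vet layers delta audits on a fully audited base), the package and auditor names, and the sample artifacts are all constructed assumptions; real tools also authenticate the records themselves (crev signs its proofs), which this example assumes has already happened.

```python
"""Toy model of a distributed code-audit trust policy (added example, not crev or
cargo-vet code). Audit records are tied to a package artifact digest; the consumer
chooses which auditors to trust and how many independent ones must agree.
All names, record fields and sample data below are constructed for illustration."""
import hashlib
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Audit:
    """One published audit record (assumed layout, loosely after cargo-vet).

    A full audit vouches for (version, digest) outright. A delta audit vouches for
    (version, digest) only relative to (from_version, from_digest), i.e. the auditor
    reviewed the diff between the two artifacts, not the whole tree."""
    auditor: str
    package: str
    version: str
    digest: str                         # sha256 of the exact artifact reviewed
    from_version: Optional[str] = None  # set only for delta audits
    from_digest: Optional[str] = None


def artifact_digest(data: bytes) -> str:
    """Digest of the artifact actually being consumed (the tarball, not the git tag)."""
    return hashlib.sha256(data).hexdigest()


def _auditor_reaches(records, version, digest, seen):
    """True if this one auditor's records vouch for (version, digest), either by a
    full audit or by a chain of delta audits ending in a full audit."""
    key = (version, digest)
    if key in seen:            # already explored (also breaks delta cycles)
        return False
    seen.add(key)
    for rec in records:
        if rec.version != version or rec.digest != digest:
            continue
        if rec.from_version is None:
            return True        # full audit of exactly this artifact
        if _auditor_reaches(records, rec.from_version, rec.from_digest, seen):
            return True
    return False


def vouchers(package, version, digest, audits, trusted):
    """Set of trusted auditors who independently vouch for this exact artifact."""
    by_auditor = defaultdict(list)
    for rec in audits:
        if rec.package == package and rec.auditor in trusted:
            by_auditor[rec.auditor].append(rec)
    return {who for who, recs in by_auditor.items()
            if _auditor_reaches(recs, version, digest, set())}


def check_policy(package, version, data, audits, trusted, quorum=2):
    """Apply the consumer's policy to the artifact bytes it is about to build.
    Returns (accepted, set_of_vouching_auditors). An audit of a different digest,
    or from an untrusted party, never counts toward the quorum."""
    who = vouchers(package, version, artifact_digest(data), audits, trusted)
    return len(who) >= quorum, who


# Constructed sample artifacts: 1.0.1 as the auditors saw it, and a 1.0.1 tarball
# whose bytes differ from the audited ones (e.g. an extra generated build file).
LIBFOO_1_0_0 = b"libfoo-1.0.0 source tree"
LIBFOO_1_0_1 = b"libfoo-1.0.1 source tree"
TAMPERED_1_0_1 = b"libfoo-1.0.1 source tree + unreviewed m4 macro"

D100, D101, DBAD = map(artifact_digest, (LIBFOO_1_0_0, LIBFOO_1_0_1, TAMPERED_1_0_1))

# Constructed audit records: alice and bob fully audited 1.0.0 and the 1.0.0->1.0.1
# diff; mallory (not in the consumer's trust list) vouches for the tampered bytes.
AUDITS = [
    Audit("alice", "libfoo", "1.0.0", D100),
    Audit("bob", "libfoo", "1.0.0", D100),
    Audit("alice", "libfoo", "1.0.1", D101, from_version="1.0.0", from_digest=D100),
    Audit("bob", "libfoo", "1.0.1", D101, from_version="1.0.0", from_digest=D100),
    Audit("mallory", "libfoo", "1.0.1", DBAD),
]
TRUSTED = frozenset({"alice", "bob", "carol"})

if __name__ == "__main__":
    cases = [("clean 1.0.1", LIBFOO_1_0_1, TRUSTED),
             ("tampered 1.0.1", TAMPERED_1_0_1, TRUSTED),
             ("tampered 1.0.1, mallory trusted", TAMPERED_1_0_1, TRUSTED | {"mallory"})]
    for label, data, trusted in cases:
        ok, who = check_policy("libfoo", "1.0.1", data, AUDITS, trusted)
        print(f"{label}: accepted={ok} vouched_by={sorted(who)}")
```

The two checks that matter for the failure mode the post is worried about are the digest binding and the quorum: an audit of the upstream git tree does not transfer to a release tarball whose bytes differ, and a single auditor (even a trusted one) is not enough when the policy requires several independent reviews, which is the "in multiple" cost the post calls out.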