[Bro-Dev] CBAN design proposal
Slagell, Adam J
slagell at illinois.edu
Sat May 21 16:16:14 PDT 2016
> On May 21, 2016, at 5:44 PM, Robin Sommer <robin at icir.org> wrote:
>
> As I read through the design doc, I started questioning our plan of
> curating CBAN content. I know that's what we've been intending to do,
> but is that really the best approach? I don't know of script
> repositories for other languages that enforce quality control on
> submissions beyond checking technical conventions like certain meta
> data being there.
I think there is a broad spectrum from no interaction to vetting and pulling into the main repository. It is about finding the right balance.
I agree with minimal restrictions that block submissions. There needs to be some basic quality control and standardization there. For example, do you have all the right pieces.
I do think there is another level of non blocking checks and quality control we can provide. For example, we can do checks for exec calls and give warnings to users. I think Puppet Forge has a nice model here. We won't block a submission, but these checks encourage better development and help new users trust submissions. That said, I think these must be automated. They can't block on a human reviewing them.
Finally, I think we need a way to let the whole community endorse scripts or script authors.
More information about the bro-dev
mailing list