[TYPO3-extrev] ext_rev and security team

[Michael Hirdes]

hi stefano,

at the moment, we have to separate things a little bit:

it made clear, after trying to bring the ext_rev team up, that all 
efforts of reviewing in the way, we figured out in kitzbühel won't work, 
but of the sheer amount of extensions. so, some desicions were made, to 
speed things up:

1. to have the new TER2 started, all extensions wich are in the TER2 
have to be reviewed to security issues. as we have the security team, we 
thought, it would be best, to do that there.

2. these are "just" security and code reviews. in the sec team, we _not_ 
review the functionallity or the usability of the extension in detail.

3. we still need some extrevteam. In my opinion we should think over the 
way, how to review extensions robert brought on the idea of doing it 
like a book review for example, or like a test in a computer magazine. 
my idea was, to start that whole discussion again after launching TER2, 
typo3 4.0.0 and the new typo3.org, as we had to see, what TER2 brings.

so, my answers to your questions:

> 1) the two teams join together

i don't think, as the security teams purpose is not to review 
extensions, but to react to security warnings and issues. but i think, 
we could learn from the reviews they do at the moment and use that.

> 2) the security team "assists" the ext_rev team

as i mentioned in a way, that the sec team hands over some "roadmap" how 
to review, regarding security issues. so everey extrev team member can 
have an eye on that too.
> 3) the http://typo3.org/teams/extrev/ gets deleted!

lets get it updated :)

so, ideas are welcome !

cheers,
dodger

-- 
ELIOS
Falkenried 74a  - 20251 Hamburg
fon:040/97074701 - fax 040/97074705
Http://www.elios.de