> Well, there's a little bit of a chicken-and-the-egg problem here. If > new projects are told "don't evangelize here", how will they let users > who might be interested in their project know it exists? Evangelization > is important. I don't think we want to adopt a no-evangelization rule, > but at the same time, we want to keep it within limits, too.
Yep, I think this is important. I'd also suggest that actively attempting to lure potential contributors to a project from their own mailing list is a bit of a no-no as well. A topic that someone mentioned in this thread was peer-review. Is there any venue out there for seeking third-party security review for open-source code? I don't mean anything professional, but just something Stack-Overflow-ey. A few of my projects involve crypto or some other kind of security functionality, and I feel a bit uncomfortable evangelising too much without having had someone else go over them more thoroughly than Coverity can. Here wouldn't be a good venue as they tend to range from unrelated to competing (don't judge, I just need an MIT-licenced way to check an OpenPGP signature), but given the amount of misguided security code out there, it seems like somewhere more generally-oriented might be useful. Even restricting to GnuPG itself, obviously not every one-man-band using GPG in a script can expect to come here and get a code audit. Thanks, Lachlan _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
