Hi folks! We'd like to start up guildhall.gnu.org, which is a guilers community MAYBE based on savannah to let you guys share/fetch Guile packages. Just like rubygems.org does. ;-)
Since savannah provides many VCS-systems: CVS/subversion/GNU Arch/Mercurial/Bazaar, guilers may choose their favorite to maintain their works, and submit the package to guildhall repository. IMO, a guildhall package must pass these two steps: 1. Package verify policy (PVP) The rules to verify if package is valid/invalid. And the package info specification. Include version-convention & name-convention. It can be checked automatically with a certain tools. 2. Package evaluate policy (PEP) The rules to evaluate a submitted package, we need to classify them. Current categories are: quality/freedom/maintainability/experimental This step has to be checked by human. Though PEP & PVP seems alike, but they are different. If a package can't pass PVP, it can't be classified according to PEP. PEP is used to evaluate the quality of the package, but PVP is about the health of a package. A valid package must be healthy, then it has the qualification to be evaluated. ** Package security policy (PSP) The rules to check if a package security/vulnerability, or even malicious. This seems a hardcore one. I've no idea about it, but it's significant though. Now I'm inviting all folks to share your suggestions about the rules. You may borrow some opinions from other communities anyway. But not limit to the rules, any related suggestions are welcome and appreciated. ;-) Thanks!
