Collecting suggestions of Guildhall

[Nala Ginrut]

Hi folks!
We'd like to start up guildhall.gnu.org, which is a guilers community
MAYBE based on savannah to let you guys share/fetch Guile packages. Just
like rubygems.org does. ;-)

Since savannah provides many VCS-systems: CVS/subversion/GNU
Arch/Mercurial/Bazaar, guilers may choose their favorite to maintain
their works, and submit the package to guildhall repository. 

IMO, a guildhall package must pass these two steps:
1. Package verify policy (PVP)
The rules to verify if package is valid/invalid.
And the package info specification. Include version-convention &
name-convention.
It can be checked automatically with a certain tools.

2. Package evaluate policy (PEP)
The rules to evaluate a submitted package, we need to classify them.
Current categories are:  quality/freedom/maintainability/experimental
This step has to be checked by human.

Though PEP & PVP seems alike, but they are different. If a package can't
pass PVP, it can't be classified according to PEP. PEP is used to
evaluate the quality of the package, but PVP is about the health of a
package. A valid package must be healthy, then it has the qualification
to be evaluated.

** Package security policy (PSP)
The rules to check if a package security/vulnerability, or even
malicious. 
This seems a hardcore one. I've no idea about it, but it's significant
though.

Now I'm inviting all folks to share your suggestions about the rules.
You may borrow some opinions from other communities anyway. 

But not limit to the rules, any related suggestions are welcome and
appreciated. ;-)

Thanks!