Thanks!

I don't know that there are any acceptable ones, maybe change it to "verified"?

There's a flip side to this: security fixes for packages that were already in extras should probably get a karma bump and prioritised for promotion, even if they come with some more "minor" faults (eg missing features or no screenshot).

Sounds good in principle, though the list of dependencies can be long and cumbersome to check in some cases.

But: what about security issues in libraries that could affect several (otherwise secure) apps? Should the insecure library packages be demoted thus making the apps that depend on them non-installable? Should those apps also be demoted until the dependencies are fixed? Maybe, maybe not, but the severity is multiplied in a case like this. Perhaps we need some sort of "emergency response" team for security issues in general, but that's starting to get off-topic.

That should be grounds for removal from all repositories IMHO.

Hm, a can of worms that one. I'd prefer we never saw those kinds of apps personally, but I would like arbitrary censorship even less. I guess ultimately Nokia would be legally responsible for whatever is published, so we should go with whatever Finnish law allows.

(I assume that content refers to what is present in the packages themselves, rather than content that could potentially be accessed by the application, so it wouldn't apply for example to an email client that could at some point receive a v!@gra spam containing dubious images).