From e008227d88c995cc6cbca72e4528e6621bfddaf7 Mon Sep 17 00:00:00 2001
From: Tim Otten <totten@civicrm.org>
Date: Fri, 20 Oct 2017 14:00:55 -0700
Subject: [PATCH] standards/review.md - Tweak "Packaging" and "Permissions"

---
 docs/standards/review.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/docs/standards/review.md b/docs/standards/review.md
index 75cccd3a..ef0f7e82 100644
--- a/docs/standards/review.md
+++ b/docs/standards/review.md
@@ -89,11 +89,14 @@ _Standard code: `rg-pkg`_
 
 If the PR adds a new top-level file, new top-level folder, or novel file-type, consider whether "distmaker" will properly convey the file in `*.zip/*.tar.gz` builds.
 
+If the PR *removes* a dangerous file, then common package handling may not be enough to remove the file. (This is particularly for Joomla users, but also true for with
+manual file management on other platforms.) Consider updating `CRM_Utils_Check_Component_Security::checkFilesAreNotPresent`.
+
 ### Permissions {:#rg-perm}
 
 _Standard code: `rg-perm`_
 
-If the PR changes the permissions model, are we sure that demo/test builds and existing installations will continue to work the same?
+If the PR changes the permissions model (by adding, removing, or repurposing a permission), are we sure that demo/test builds and existing installations will continue to work as expected?
 
 ### Security {:#rg-sec}
 
-- 
GitLab