Recent work @ MDLSITE-3252 leaded to some internal discussion about our current third-party library handling rules being too relaxed/undefined.

Found links:

• MDLSITE-3252: CiBoT check were the first approximation to the problem was implemented, looking forward for more strict rules to be able to improve it.
• MDL-42958: Policy (agreed) about deprecation of third party libraries.
• MDL-47147: About to review periodically the libs for new versions.
• NEWMODULE docs: About how a module can have its own third part libraries.

At the same time, we have found many inconsistencies here and there, some:

• Upper README_MOODLE.txt, wrong moodle_readme.txt occurrences.
• Wrongly placed (in subdirs or in component dirs) readme_moodle.txt.
• Sort of conflict and or gray area between readme_moodle.txt and upgrade.txt
• ...

So this policy issue is about to try to put all the elements on the table related with third party libraries and achieve, at least, these:

1) Agree about a simple and clear policy to add/update/hack/delete third party libraries.
2) Document it.
3) Enforce it.

Ciao