📝 Be more explicit about what we require from the user
jemrobinson committed Feb 15, 2023
1 parent c1b445b commit 62c220a
Showing 2 changed files with 5 additions and 7 deletions.
4 changes: 4 additions & 0 deletions .github/ISSUE_TEMPLATE/software_package_request.md
@@ -24,6 +24,10 @@ Provide details about the package you would like to see added:
- Package name
- Package version (if different from latest)
- Package repository (e.g. CRAN, PyPI)
- Number of authors/contributors to the package codebase
- Any existing versions that should not be used (linking to publicly-accessible CVE databases if relevant)
- Download statistics (recent and longer-term, for both current and previous versions)
- List of packages that this package depends on
-->

## :steam_locomotive: Why is this needed?
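Review bot: `List of packages that this package depends on` asks only for direct dependencies, while the approval process text edited in the same commit (software_package_approval.md) speaks of the package _and_ its full dependency tree; state explicitly whether transitive dependencies should be listed, e.g. `- List of packages that this package depends on (including transitive dependencies)`. Also, these four prompts sit inside the HTML comment closed by `-->`, so they vanish once the issue is submitted; a reviewer cannot tell which questions the requester skipped unless the template turns them into visible headings or a checklist.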
8 changes: 1 addition & 7 deletions docs/processes/software_package_approval.md
@@ -38,13 +38,7 @@ Specific risks which this policy aims to mitigate include:
- an expanded list to be made available from the package repositories consisting of the core and extra packages plus their dependencies
- Users may request to add packages to these allowlists via the {ref}`package request procedure <package_request_procedure>`.
- In the interests of improving researcher productivity the aim will be to accommodate such requests, provided there are no outweighing security concerns associated with the package or its dependencies.
- Requests will be reviewed by the project team. The reviewer may take into account:
- information provided by the user when making the request
- package author/contributor identities
- any existing package/version blacklist
- relevant data on the package _and_ its full dependency tree including:
- download statistics (recent and longer-term, current and previous versions)
- publicly-accessible CVE databases (listing Common Vulnerabilities and Exposures)
- Requests will be reviewed by the project team using the information provided by the user when making the request
- If approved, a requested package will be added to either the core or extra allowlist (as appropriate)

(package_inclusion_criteria)=
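Review bot: the replacement bullet `Requests will be reviewed by the project team using the information provided by the user when making the request` leaves the review resting entirely on requester-supplied, unverified data. The deleted lines named independent inputs (any existing package/version blacklist, download statistics, publicly-accessible CVE databases across the full dependency tree); the issue template now asks the user to supply these, but nothing in the policy says the team checks them. Consider keeping one sentence such as `The project team will verify the supplied information against publicly-accessible CVE databases and any existing package/version blacklist.` Minor: the new bullet and the `If approved` bullet lack the terminating period used by the two bullets above them.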

0 comments on commit 62c220a
