On 07/06/2016 10:37 AM, Anthony G. Basile wrote:
>> > If council approval of special projects as lead is an important factor,
>> > maybe we should rather also approve security leads?
>> >
> Approving a security lead is not sufficient. QA is governed by GLEP 48.
> The very procedure of producing a glep means scrutiny by the community
> as to its scope, mandate, procedure and powers. By the security team
> simply thinking it has the powers to p.mask and bump packages, it is
> essentially circumventing Gentoo governance. If it needs these powers,
> it should go through QA.
|
I'm not aware of any security policy that indicates bumping packages as
being a role for security (it really is up to maintainer), but it is an
interesting point for p.mask that is part of the written policies of the
project.

A GLEP for the security project would make a great deal of sense in
general and is on overtime. I will stop the discussion of any specifics
on that at this point though, as it hasn't been discussed within the
project which in any case is a natural first step to things.
|
--
Kristian Fiskerstrand
OpenPGP certificate reachable at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3