| 1 |
On 07/06/2016 10:37 AM, Anthony G. Basile wrote: |
| 2 |
>> > If council approval of special projects as lead is an important factor, |
| 3 |
>> > maybe we should rather also approve security leads? |
| 4 |
>> > |
| 5 |
> Approving a security lead is not sufficient. QA is governed by GLEP 48. |
| 6 |
> The very procedure of producing a glep means scrutiny by the community |
| 7 |
> as to its scope, mandate, procedure and powers. By the security team |
| 8 |
> simply thinking it has the powers to p.mask and bump packages, its is |
| 9 |
> essentially circumventing Gentoo governance. If it needs these powers, |
| 10 |
> it should go through QA. |
| 11 |
|
| 12 |
I'm not aware of any security policy that indicates bumping packages as |
| 13 |
being a role for security (it really is up to maintainer), but it is an |
| 14 |
interesting point for p.mask that is part of the written policies of the |
| 15 |
project. |
| 16 |
|
| 17 |
A GLEP for the security project would make a great deal of sense in |
| 18 |
general and is on overtime. I will stop the discussion of any specifics |
| 19 |
on that at this point though, as it hasn't been discussed within the |
| 20 |
project which in any case is a natural first step to things. |
| 21 |
|
| 22 |
-- |
| 23 |
Kristian Fiskerstrand |
| 24 |
OpenPGP certificate reachable at hkp://pool.sks-keyservers.net |
| 25 |
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 |
Archives