Gentoo Archives: gentoo-dev

From: "Petteri Räty" <betelgeuse@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Re: [gentoo-dev-announce] Security stabilisations
Date: Sat, 17 Jul 2010 17:57:04
Message-Id: 4C41EF2D.6000104@gentoo.org
In Reply to: Re: [gentoo-dev] Re: [gentoo-dev-announce] Security stabilisations by Matti Bickel

On 07/17/2010 08:50 PM, Matti Bickel wrote:
> On 07/17/2010 07:02 PM, Petteri Räty wrote:
>>> Do stabilisations on the security bug so arch team members can skim
>>> through their stabilisation list by just looking for security@g.o to
>>> find the vulnerable packages.
>>>
>>> V-Li
>>>
>>
>> If you want things to happen this way then it should be at least
>> documented in the devmanual.
>
> It's in the security project's policy:
> "once an ebuild is committed, evaluate what keywords are needed for the
> fix ebuild and get arch-specific teams to test and mark the ebuild
> stable on their architectures (arch-teams should be cc'd on the bug, as
> well as releng during release preparation) and set status whiteboard to
> stable"
> http://www.gentoo.org/security/en/vulnerability-policy.xml, Chapter 4
>
> As the CC'ing should be done by the security folks/the maintainer when a
> new ebuild is ready, I don't think it needs to be in devmanual. The
> relevant people should be aware of the process.
>

If relevant people already know the policy and act accordingly then why
do we have this thread in the first place?

Regards,
Petteri
