1 |
>>>>> On Tue, 12 Sep 2017, Matt Turner wrote: |
2 |
|
3 |
> I suggested that when security bugs are complete, that if there are |
4 |
> exp architectures still Cc'd, that security simply reassign to the |
5 |
> maintainer and let the bug continue as a regular stabilization bug. |
6 |
|
7 |
> Unfortunately Aaron says that this is far too much work -- the hassle |
8 |
> of reassigning a bug and all. |
9 |
|
10 |
Let's look at the security team's own policy on that (thanks to K_F |
11 |
for pointing me to it): |
12 |
https://wiki.gentoo.org/wiki/Project:Security/GLSA_Coordinator_Guide#Bugs_in_.5Bstable.5D_status |
13 |
|
14 |
| All arches (including "unsupported" arches) must be called. But note |
15 |
| that only "supported" arches (as defined in the policy) are needed |
16 |
| before the bug can advance to [glsa] status |
17 |
|
18 |
Note that it says "unsupported arches", not "unsupported arches with a |
19 |
stable profile". In fact, the whole guide doesn't mention profiles at |
20 |
all. |
21 |
|
22 |
The alternative scenario would be only to add supported arches to the |
23 |
security bug. This would mean that the maintainer had to open a second |
24 |
bug for stabilisation on unsupported arches (which includes not only |
25 |
arches with experimental profiles, but also stable ones like arm). |
26 |
Maybe that would take away some hassle from the security team, but it |
27 |
would certainly mean more work for both maintainers and arch teams. |
28 |
|
29 |
Ulrich |