| 1 |
>>>>> On Tue, 12 Sep 2017, Matt Turner wrote: |
| 2 |
|
| 3 |
> I suggested that when security bugs are complete, that if there are |
| 4 |
> exp architectures still Cc'd, that security simply reassign to the |
| 5 |
> maintainer and let the bug continue as a regular stabilization bug. |
| 6 |
|
| 7 |
> Unfortunately Aaron says that this is far too much work -- the hassle |
| 8 |
> of reassigning a bug and all. |
| 9 |
|
| 10 |
Let's look at the security team's own policy on that (thanks to K_F |
| 11 |
for pointing me to it): |
| 12 |
https://wiki.gentoo.org/wiki/Project:Security/GLSA_Coordinator_Guide#Bugs_in_.5Bstable.5D_status |
| 13 |
|
| 14 |
| All arches (including "unsupported" arches) must be called. But note |
| 15 |
| that only "supported" arches (as defined in the policy) are needed |
| 16 |
| before the bug can advance to [glsa] status |
| 17 |
|
| 18 |
Note that it says "unsupported arches", not "unsupported arches with a |
| 19 |
stable profile". In fact, the whole guide doesn't mention profiles at |
| 20 |
all. |
| 21 |
|
| 22 |
The alternative scenario would be only to add supported arches to the |
| 23 |
security bug. This would mean that the maintainer had to open a second |
| 24 |
bug for stabilisation on unsupported arches (which includes not only |
| 25 |
arches with experimental profiles, but also stable ones like arm). |
| 26 |
Maybe that would take away some hassle from the security team, but it |
| 27 |
would certainly mean more work for both maintainers and arch teams. |
| 28 |
|
| 29 |
Ulrich |
Archives