List Archive: gentoo-dev
On 07/17/2010 08:50 PM, Matti Bickel wrote:
> On 07/17/2010 07:02 PM, Petteri Räty wrote:
>>> Do stabilisations on the security bug so arch team members can skim
>>> through their stabilisation list by just looking for email@example.com to
>>> find the vulnerable packages.
>> If you want things to happen this way then it should be at least
>> documented in the devmanual.
> It's in the security project's policy:
> "once an ebuild is committed, evaluate what keywords are needed for the
> fix ebuild and get arch-specific teams to test and mark the ebuild
> stable on their architectures (arch-teams should be cc'd on the bug, as
> well as releng during release preparation) and set status whiteboard to
> http://www.gentoo.org/security/en/vulnerability-policy.xml, Chapter 4
> As the CC'ing should be done by the security folks/the maintainer when a
> new ebuild is ready, I don't think it needs to be in devmanual. The
> relevant people should be aware of the process.
If relevant people already know the policy and act accordingly then why
do we have this thread in the first place?