Gentoo Archives: gentoo-dev

From: Rich Freeman <rich0@g.o>
To: gentoo-dev <gentoo-dev@l.g.o>
Subject: Re: [gentoo-dev] net-dns/dnssec-root: Blind stable on arm, critical bug 667774
Date: Sat, 20 Oct 2018 13:29:49
In Reply to: Re: [gentoo-dev] net-dns/dnssec-root: Blind stable on arm, critical bug 667774 by Andreas Sturmlechner
On Sat, Oct 20, 2018 at 8:19 AM Andreas Sturmlechner <asturm@g.o> wrote:
>
> On Freitag, 12. Oktober 2018 14:50:55 CEST Rich Freeman wrote:
> > ARM is not a Gentoo security supported arch.
> >
> > If the ARM maintainers feel that stable keywords make the lives of
> > their users better, and it isn't causing problems for anybody else,
> > I'm not sure why we should be interfering with this.
>
> That's interesting. If it's not security supported, does that mean we can
> simply clean up vulnerable versions and drop every arm revdep to ~arm?
>
> Or are we supposed to keep vulnerable versions around and drop every keyword
> except arm?
>

Setting aside the security supported flag that was already discussed, there is also a council decision regarding this general topic [1]. The only issue is that I'm not certain if it was intended to apply to ARM, or only to specific arches [2].

The last policy was:

"If a maintainer has an open STABLEREQ, or a KEYWORDREQ blocking a pending STABLEREQ, for 90 days with archs CCed and otherwise ready to be stabilized, the maintainer can remove older versions of the package at their discretion. A package is considered ready to be stabilized if it has been in the tree for 30 days, and has no known major flaws on arches that upstream considers supported." [1]

IMO that was written generically enough that it could apply anywhere, but that is up to the Council. In theory it could even be safely applied to x86/amd64, especially since maintainers can self-stabilize/keyword on those arches typically.

[1] -
[2] -

--
Rich