On Sat, Oct 20, 2018 at 8:19 AM Andreas Sturmlechner <asturm@g.o> wrote:
>
> On Friday, 12 October 2018 14:50:55 CEST Rich Freeman wrote:
> > ARM is not a Gentoo security supported arch.
> >
> > If the ARM maintainers feel that stable keywords make the lives of
> > their users better, and it isn't causing problems for anybody else,
> > I'm not sure why we should be interfering with this.
>
> That's interesting. If it's not security supported, does that mean we can
> simply clean up vulnerable versions and drop every arm revdep to ~arm?
>
> Or are we supposed to keep vulnerable versions around and drop every keyword
> except arm?
>
|
Setting aside the security supported flag that was already discussed,
there is also a council decision regarding this general topic [1].
The only issue is that I'm not certain if it was intended to apply to
ARM, or only to specific arches [2].
|
The last policy was:

"If a maintainer has an open STABLEREQ, or a KEYWORDREQ blocking a
pending STABLEREQ, for 90 days with archs CCed and otherwise ready
to be stabilized, the maintainer can remove older versions of
the package at their discretion. A package is considered ready to be
stabilized if it has been in the tree for 30 days, and has no known
major flaws on arches that upstream considers supported." [1]
|
IMO that was written generically enough that it could apply anywhere,
but that is up to the Council. In theory it could even be safely
applied to x86/amd64, especially since maintainers can
self-stabilize/keyword on those arches typically.
|
[1] - https://projects.gentoo.org/council/meeting-logs/20131119-summary.txt
[2] - https://projects.gentoo.org/council/meeting-logs/20130917-summary.txt

--
Rich