On 2017.03.11 20:50, Kristian Fiskerstrand wrote:
> A draft of a Pre-GLEP for the Security project is available for
> reading at https://wiki.gentoo.org/wiki/User:K_f/GLEP:Security
>
> The GLEP follows a line of GLEPs for special projects that have
> tree-wide access in order to ensure proper accountability (c.f GLEP 48
> for QA and still non-produced GLEP for ComRel (I've started working on
> this and will be presenting this one later as current ComRel Lead))
>
> Comments, patches, threats, etc welcome
>
> --
> Kristian Fiskerstrand
> OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net
> fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
>
|
Kristian,

First of all, thank you. We have needed something like this for several
projects, for some time.

A few odds and ends.
|
Why do Security Project members need to be ebuild devs?
Non ebuild developers can contribute by producing GLSAs,
for example.
|
Who manages the Security Project (from outside)? It appears from
the draft GLEP, nobody. That means that the project could become
moribund and nobody would notice. It's not like Gentoo enforces
or even checks for leadership elections. That's an annual event
anyway, so it's not a measure of a project's continued well being.
|
Compare the Security Project to council, that have a monthly
showing of project health.
|
Projects tend to be left alone. Gentoo has several projects that
appear to be unmanaged but cannot be permitted to die out.
This is one. Who takes the Security Project's pulse and how?
|
A periodic automated message to -dev that all Security Project
members "reply to list" is both public and minimally invasive.
It's no more than 'roll call'.
|
Now the hard one, who does what when there is no pulse from
the Security Project?
|
This isn't really a Security Project issue. If it's ever needed, the
Security Project isn't active. It affects other projects too, like
comrel, QA and others. Perhaps there is a common solution
to taking a project's pulse and reacting when there is none.
|
--
Regards,

Roy Bamford
(Neddyseagoon) a member of
elections
gentoo-ops
forum-mods