| 1 |
> On 12 Aug 2021, at 16:17, Agostino Sarubbo <ago@g.o> wrote: |
| 2 |
> |
| 3 |
> On giovedì 12 agosto 2021 14:53:33 CEST Michał Górny wrote: |
| 4 |
>> To resolve these problems going forward and establish consistent |
| 5 |
>> behavior in the future, I'd like to propose to disable 'package list' |
| 6 |
>> fields on security bugs and instead expect regular stabilization bugs to |
| 7 |
>> be used (and made block the security bugs) for stabilizations. While I |
| 8 |
>> understand that filing additional bugs might be cumbersome for some |
| 9 |
>> people, I don't think it's such a herculean effort to outweigh |
| 10 |
>> the problems solved. |
| 11 |
> |
| 12 |
> I think it is a good idea but the stabilization bug that blocks the security |
| 13 |
> bug should at least have something (bugzilla KEYWORD?) to facilitate the |
| 14 |
> search of the security stabilization. |
| 15 |
> Atm we look for bugs with assignee = security@ and cc = arch@ |
| 16 |
> |
| 17 |
|
| 18 |
This is my primary concern and as long as we use e.g. the SECURITY |
| 19 |
keyword, I'm happy. From #gentoo-dev: |
| 20 |
|
| 21 |
[22:34:36] <@sam_> ago: I was wondering if I could just detect by blockers but I think SECURITY blocker is simpler and requires less code/handling overall, so WFM |
| 22 |
[22:35:25] <@ago> yeah |
| 23 |
|
| 24 |
I'm a _little_ bit unsure about the extra work of filing new bugs, but I suspect |
| 25 |
It's going to be worth it because of less special casing for everybody involved |
| 26 |
(and not having to explain why security bugs are different to newbies, proxied-maints, |
| 27 |
...). |
| 28 |
|
| 29 |
best, |
| 30 |
sam |
Archives