1 |
> On 23 Oct 2021, at 14:40, Sam James <sam@g.o> wrote: |
2 |
> |
3 |
> |
4 |
> |
5 |
>> On 23 Oct 2021, at 02:55, Thomas Deutschmann <whissi@g.o> wrote: |
6 |
>> |
7 |
>> On 2021-10-21 17:16, Mike Gilbert wrote: |
8 |
>>> On Thu, Oct 21, 2021 at 4:05 AM Michał Górny <mgorny@g.o> wrote: |
9 |
>>>> 4. In the end, Security team isn't really respecting this policy. |
10 |
>>>> In the end, this leads to absurdities like GLSA being released before |
11 |
>>>> a package is stable on amd64, and confusing the users [4]. |
12 |
>>> This is certainly an absurd mistake, but I think it is unrelated to |
13 |
>>> the topic of your message. It looks like Whissi jumped the gun on |
14 |
>>> releasing a GLSA, which could happen regardless of the policy. Am I |
15 |
>>> missing some context? |
16 |
>> |
17 |
>> Yeah, #4 is bullshit. |
18 |
>> |
19 |
|
20 |
> Well, it's not bullshit per se, it's just not consistent with the policy. We should |
21 |
> update the policy to reflect real life. |
22 |
> |
23 |
> What I'd probably like us to do is have at least amd64 stable before |
24 |
> publishing in future (and if there's a reason amd64 can't be, we probably |
25 |
> can't/shouldn't stable on other arches anyway). |
26 |
|
27 |
... additionally, even if we're not going to update the policy page (I don't see |
28 |
why we shouldn't), what exactly does this leave "security supported" meaning...? |
29 |
|
30 |
mgorny pointed this out already but there's no real point to having |
31 |
the designation: it makes no difference wrt cleanups and also |
32 |
no real difference to when we publish GLSAs either. |
33 |
|
34 |
> [...] |
35 |
|
36 |
> best, |
37 |
> sam |