| 1 |
On Fri, Sep 14, 2012 at 7:15 AM, Alex Legler <a3li@g.o> wrote: |
| 2 |
> A general note: The request makes one wonder a bit how much you actually |
| 3 |
> care about your package if a few emails disturb you. Arches, Security, |
| 4 |
> and users reporting issues are trying to help you get the package into a |
| 5 |
> good shape. |
| 6 |
|
| 7 |
I suspect that this concern arose in part due to a series of around |
| 8 |
two dozen bug comment emails that were sent to the chromium@ alias in |
| 9 |
the span of a day relating to security problems for versions as old as |
| 10 |
chromium-7. I doubt anybody anywhere still cares about security |
| 11 |
problems with chromium 7 - just about every major chromium release |
| 12 |
contains security fixes, so if you aren't on the latest major version |
| 13 |
you're guaranteed to be vulnerable. A good tip is that if you haven't |
| 14 |
worked out your CPUs in the last two weeks on a chromium build, you're |
| 15 |
out of date. |
| 16 |
|
| 17 |
I suspect this is a bit of a one-off as the security team continues to |
| 18 |
catch up from a past hiatus (stabilizations were getting done, but |
| 19 |
GLSAs were never issued). I remember there being a wave of ancient |
| 20 |
GLSAs a few months ago, but perhaps the entire queue wasn't flushed |
| 21 |
out. Aliases that pertain to a large number of security-affected |
| 22 |
packages were probably disproportionately impacted. |
| 23 |
|
| 24 |
So, if this is a one-off then perhaps we shouldn't use it as the basis |
| 25 |
for policy changes. That said, I think your proposal to allow |
| 26 |
maintainers to un-CC themselves after the tree is cleaned up makes |
| 27 |
sense. |
| 28 |
|
| 29 |
Rich |
Archives