On Fri, Sep 14, 2012 at 7:15 AM, Alex Legler <a3li@g.o> wrote:
> A general note: The request makes one wonder a bit how much you actually
> care about your package if a few emails disturb you. Arches, Security,
> and users reporting issues are trying to help you get the package into a
> good shape.

I suspect that this concern arose in part due to a series of around
two dozen bug comment emails that were sent to the chromium@ alias in
the span of a day relating to security problems for versions as old as
chromium-7. I doubt anybody anywhere still cares about security
problems with chromium 7 - just about every major chromium release
contains security fixes, so if you aren't on the latest major version
you're guaranteed to be vulnerable. A good tip is that if you haven't
worked out your CPUs in the last two weeks on a chromium build, you're
out of date.

I suspect this is a bit of a one-off as the security team continues to
catch up from a past hiatus (stabilizations were getting done, but
GLSAs were never issued). I remember there being a wave of ancient
GLSAs a few months ago, but perhaps the entire queue wasn't flushed
out. Aliases that pertain to a large number of security-affected
packages were probably disproportionately impacted.

So, if this is a one-off then perhaps we shouldn't use it as the basis
for policy changes. That said, I think your proposal to allow
maintainers to un-CC themselves after the tree is cleaned up makes
sense.

Rich