1 |
On Tue, Mar 14, 2017 at 7:55 PM, Yury German <blueknight@g.o> wrote: |
2 |
> |
3 |
> |
4 |
> The maintainer also knows the package, dependencies, other bugs filed, etc. Removing things for your |
5 |
> packages might be simple, but it is not the same across all packages and that is the reason we ask the |
6 |
> Maintainers to take an active step in cleaning up. |
7 |
|
8 |
I agree. |
9 |
|
10 |
The security team should be empowered to do the cleanup, but I think |
11 |
their first priority should be to administering the overall process. |
12 |
Anything maintainers can do to move it along is probably going to make |
13 |
the process more efficient. |
14 |
|
15 |
The reality is that most of the "work" in terms of commits/etc in |
16 |
security work is really done by maintainers and arch teams. The main |
17 |
role of the security team is to ensure that it is all happening, so |
18 |
they're going to spend a lot of time herding along everybody else. |
19 |
They can always chip in with other things but if they don't do the |
20 |
administrative overhead nobody else will. |
21 |
|
22 |
-- |
23 |
Rich |