| 1 |
On Tue, Mar 14, 2017 at 7:55 PM, Yury German <blueknight@g.o> wrote: |
| 2 |
> |
| 3 |
> |
| 4 |
> The maintainer also knows the package, dependencies, other bugs filed, etc. Removing things for your |
| 5 |
> packages might be simple, but it is not the same across all packages and that is the reason we ask the |
| 6 |
> Maintainers to take an active step in cleaning up. |
| 7 |
|
| 8 |
I agree. |
| 9 |
|
| 10 |
The security team should be empowered to do the cleanup, but I think |
| 11 |
their first priority should be to administering the overall process. |
| 12 |
Anything maintainers can do to move it along is probably going to make |
| 13 |
the process more efficient. |
| 14 |
|
| 15 |
The reality is that most of the "work" in terms of commits/etc in |
| 16 |
security work is really done by maintainers and arch teams. The main |
| 17 |
role of the security team is to ensure that it is all happening, so |
| 18 |
they're going to spend a lot of time herding along everybody else. |
| 19 |
They can always chip in with other things but if they don't do the |
| 20 |
administrative overhead nobody else will. |
| 21 |
|
| 22 |
-- |
| 23 |
Rich |
Archives