Gentoo Archives: gentoo-dev

From: Matti Bickel <mabi@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Re: [gentoo-dev-announce] Security stabilisations
Date: Sat, 17 Jul 2010 17:51:13
In Reply to: Re: [gentoo-dev] Re: [gentoo-dev-announce] Security stabilisations by "Petteri Räty"
On 07/17/2010 07:02 PM, Petteri Räty wrote:
>> Do stabilisations on the security bug so arch team members can skim >> through their stabilisation list by just looking for security@g.o to >> find the vulnerable packages. >> >> V-Li >> > > If you want things to happen this way then it should be at least > documented in the devmanual.
It's in the security project's policy: "once an ebuild is committed, evaluate what keywords are needed for the fix ebuild and get arch-specific teams to test and mark the ebuild stable on their architectures (arch-teams should be cc'd on the bug, as well as releng during release preparation) and set status whiteboard to stable", Chapter 4 As the CC'ing should be done by the security folks/the maintainer when a new ebuild is ready, I don't think it needs to be in devmanual. The relevant people should be aware of the process.


File name MIME type
signature.asc application/pgp-signature


Subject Author
Re: [gentoo-dev] Re: [gentoo-dev-announce] Security stabilisations "Petteri Räty" <betelgeuse@g.o>