| 1 |
On 13.09.2012 09:29, Pacho Ramos wrote: |
| 2 |
> […] |
| 3 |
> OK, then, looks like the policy could be that, once all arches are done, |
| 4 |
> maintainers cleanup ebuilds and unCC themselves, that way, if they are |
| 5 |
> still getting mails from bug report is because they forgot to remove |
| 6 |
> vulnerable versions and, if not, is because all their work was finished. |
| 7 |
> Are you ok with this policy? |
| 8 |
|
| 9 |
A general note: The request makes one wonder a bit how much you actually |
| 10 |
care about your package if a few emails disturb you. Arches, Security, |
| 11 |
and users reporting issues are trying to help you get the package into a |
| 12 |
good shape. |
| 13 |
|
| 14 |
Now, I can understand the request for the sake of possibly less email, |
| 15 |
less bugs appearing in "bugs I'm in CC on" searches and such, especially |
| 16 |
when things on the security side take a bit longer. |
| 17 |
|
| 18 |
We have no problem with people removing themselves after a bit of time, |
| 19 |
after arches are done and vulnerable versions are removed, but I |
| 20 |
certainly won't encourage people to do that actively right away. |
| 21 |
The reasons for this are a) that unCC usually generates another email |
| 22 |
(hey, not just maintainers want as little email as possible) and b) |
| 23 |
sometimes things still come up that require maintainer attention (mostly |
| 24 |
users reporting issues). |
| 25 |
The Security team certainly won't unCC people as suggested before in the |
| 26 |
thread, and if there are packages where more issues happen "post-unCC", |
| 27 |
we'd have to manually reCC maintainers every time. So you'd weigh up our |
| 28 |
time with a few bytes in your inbox. |
| 29 |
|
| 30 |
What we could agree on is clarifying that maintainers have to stay on CC |
| 31 |
until stabling is done and vulnerable versions are removed, they can, if |
| 32 |
they want, remove themselves after a bit of time after that, and that |
| 33 |
Security might ask them to stay on CC next time, should the package turn |
| 34 |
out to require their attention after stabling more often. |
| 35 |
|
| 36 |
@security: ack? |
| 37 |
|
| 38 |
Alex |
| 39 |
|
| 40 |
-- |
| 41 |
Alex Legler <a3li@g.o> |
| 42 |
Gentoo Security/Ruby/Infrastructure |
Archives