1 |
On 13.09.2012 09:29, Pacho Ramos wrote: |
2 |
> […] |
3 |
> OK, then, looks like the policy could be that, once all arches are done, |
4 |
> maintainers cleanup ebuilds and unCC themselves, that way, if they are |
5 |
> still getting mails from bug report is because they forgot to remove |
6 |
> vulnerable versions and, if not, is because all their work was finished. |
7 |
> Are you ok with this policy? |
8 |
|
9 |
A general note: The request makes one wonder a bit how much you actually |
10 |
care about your package if a few emails disturb you. Arches, Security, |
11 |
and users reporting issues are trying to help you get the package into a |
12 |
good shape. |
13 |
|
14 |
Now, I can understand the request for the sake of possibly less email, |
15 |
less bugs appearing in "bugs I'm in CC on" searches and such, especially |
16 |
when things on the security side take a bit longer. |
17 |
|
18 |
We have no problem with people removing themselves after a bit of time, |
19 |
after arches are done and vulnerable versions are removed, but I |
20 |
certainly won't encourage people to do that actively right away. |
21 |
The reasons for this are a) that unCC usually generates another email |
22 |
(hey, not just maintainers want as little email as possible) and b) |
23 |
sometimes things still come up that require maintainer attention (mostly |
24 |
users reporting issues). |
25 |
The Security team certainly won't unCC people as suggested before in the |
26 |
thread, and if there are packages where more issues happen "post-unCC", |
27 |
we'd have to manually reCC maintainers every time. So you'd weigh up our |
28 |
time with a few bytes in your inbox. |
29 |
|
30 |
What we could agree on is clarifying that maintainers have to stay on CC |
31 |
until stabling is done and vulnerable versions are removed, they can, if |
32 |
they want, remove themselves after a bit of time after that, and that |
33 |
Security might ask them to stay on CC next time, should the package turn |
34 |
out to require their attention after stabling more often. |
35 |
|
36 |
@security: ack? |
37 |
|
38 |
Alex |
39 |
|
40 |
-- |
41 |
Alex Legler <a3li@g.o> |
42 |
Gentoo Security/Ruby/Infrastructure |