From: | Aaron Bauman <bman@g.o>
---|---
To: | gentoo-project@l.g.o
Subject: | Re: [gentoo-project] Call for agenda items - Council meeting 2016-12-11
Date: | Fri, 02 Dec 2016 14:17:21
Message-Id: | 9cdef1ee-1822-71b3-b1ee-127c245f1090@gentoo.org
In Reply to: | [gentoo-project] Call for agenda items - Council meeting 2016-12-11 by Rich Freeman

On 12/01/2016 07:50 AM, Rich Freeman wrote:
> In two weeks from now, the council will meet again. This is the time
> to raise and prepare items that the council should put on the agenda
> to discuss or vote on.
>
> Please respond to this message with agenda items. Do not hesitate to
> repeat your agenda item here with a pointer if you previously
> suggested one (since the last meeting).
>
> The agenda for the meeting will be sent out on Monday, 2016-12-05.
>
> Please reply to the gentoo-project list.
>

I would like the council to consider dropping IA-64 and SPARC from the
supported list of stable architectures to increase the security posture
of the tree.

Rationale:

1. Both architectures are behind in stabilization bugs tree-wide [1] and
do not currently have leads elected. While other architectures may rank
up with IA-64 and SPARC in outstanding stable bugs, their commitment to
security is seen in the rest of this rationale.

2. The lack of stabilization is leaving the tree in an undesirable and
vulnerable state for all arches. This is directly related to
dependencies and proper cleanup of vulnerable ebuilds, which cannot
occur until all previously stable arches have been stabilized. The
current lists of outstanding security bugs pending stabilization for
IA-64 [2] (50 bugs) and SPARC [3] (57 bugs) are indicative of this
issue. This is the focal point of why these should be considered for
inclusion as unstable architectures.

3. Both architectures are impeding the release of security advisories in
a timely manner following cleanup [4]. The inability to properly inform
our users of such vulnerabilities, in a timely manner, is contradicting
our commitment to security [5].

4. ppc & ppc64 have progressively worsened as well concerning security
stabilization, but only recently. These may be considered in a future
council meeting or proactively considered now.

Thank you,
Aaron Bauman

[1]: https://download.sumptuouscapital.com/gentoo/wg-stable/main.pdf

[2]: https://bugs.gentoo.org/buglist.cgi?bug_status=UNCONFIRMED&bug_status=CONFIRMED&bug_status=IN_PROGRESS&component=Vulnerabilities&email1=ia64%40gentoo.org&emailcc1=1&emailtype1=substring&list_id=3364582&product=Gentoo%20Security&query_format=advanced&resolution=---

[3]: https://bugs.gentoo.org/buglist.cgi?bug_status=UNCONFIRMED&bug_status=CONFIRMED&bug_status=IN_PROGRESS&component=Vulnerabilities&email1=sparc%40gentoo.org&emailcc1=1&emailtype1=substring&list_id=3364584&product=Gentoo%20Security&query_format=advanced&resolution=---

[4]: https://www.gentoo.org/support/security/vulnerability-treatment-policy.html

[5]: https://www.gentoo.org/support/security/

Subject | Author |
---|---|
Re: [gentoo-project] Call for agenda items - Council meeting 2016-12-11 | Agostino Sarubbo <ago@g.o> |