Archives
Archives
| From: | Aaron Bauman <bman@g.o> | ||
|---|---|---|---|
| To: | gentoo-project@l.g.o | ||
| Subject: | Re: [gentoo-project] Call for agenda items - Council meeting 2016-12-11 | ||
| Date: | Fri, 02 Dec 2016 14:17:21 | ||
| Message-Id: | 9cdef1ee-1822-71b3-b1ee-127c245f1090@gentoo.org | ||
| In Reply to: | [gentoo-project] Call for agenda items - Council meeting 2016-12-11 by Rich Freeman |
||
| 1 | On 12/01/2016 07:50 AM, Rich Freeman wrote: |
| 2 | > In two weeks from now, the council will meet again. This is the time |
| 3 | > to raise and prepare items that the council should put on the agenda |
| 4 | > to discuss or vote on. |
| 5 | > |
| 6 | > Please respond to this message with agenda items. Do not hesitate to |
| 7 | > repeat your agenda item here with a pointer if you previously |
| 8 | > suggested one (since the last meeting). |
| 9 | > |
| 10 | > The agenda for the meeting will be sent out on Monday, 2016-12-05. |
| 11 | > |
| 12 | > Please reply to the gentoo-project list. |
| 13 | > |
| 14 | I would like the council to consider dropping IA-64 and SPARC from the |
| 15 | supported list of stable architectures to increase the security posture |
| 16 | of the tree. |
| 17 | |
| 18 | Rationale: |
| 19 | |
| 20 | 1. Both architectures are behind in stabilization bugs tree wide [1] and |
| 21 | do not currently have leads elected. While other architectures may rank |
| 22 | up with IA-64 and SPARC in outstanding stable bugs their commitment to |
| 23 | security is seen in the rest of this rationale. |
| 24 | |
| 25 | 2. The lack of stabilization is leaving the tree in an undesirable and |
| 26 | vulnerable state for all arches. This is directly related to |
| 27 | dependencies and proper cleanup of vulnerable ebuilds, which cannot |
| 28 | occur until all previously stable arches have been stabilized. The |
| 29 | current list of outstanding security bugs pending stabilization for |
| 30 | IA-64 [2] (50 bugs) and SPARC [3] (57 bugs) are indicative of this |
| 31 | issue. This is the focal point of why these should be considered for |
| 32 | inclusion as unstable architectures. |
| 33 | |
| 34 | 3. Both architectures are impeding the release of security advisories in |
| 35 | a timely manner following cleanup [4]. The inability to properly inform |
| 36 | our users of such vulnerabilities, in a timely manner, is contradicting |
| 37 | our commitment to security [5]. |
| 38 | |
| 39 | 4. ppc & ppc64 have progressively worsened as well concerning security |
| 40 | stabilization, but only recently. These may be considered in a future |
| 41 | council meeting or proactively considered now. |
| 42 | |
| 43 | Thank you, |
| 44 | Aaron Bauman |
| 45 | |
| 46 | [1]: https://download.sumptuouscapital.com/gentoo/wg-stable/main.pdf |
| 47 | |
| 48 | [2]: |
| 49 | https://bugs.gentoo.org/buglist.cgi?bug_status=UNCONFIRMED&bug_status=CONFIRMED&bug_status=IN_PROGRESS&component=Vulnerabilities&email1=ia64%40gentoo.org&emailcc1=1&emailtype1=substring&list_id=3364582&product=Gentoo%20Security&query_format=advanced&resolution=--- |
| 50 | |
| 51 | [3]: |
| 52 | https://bugs.gentoo.org/buglist.cgi?bug_status=UNCONFIRMED&bug_status=CONFIRMED&bug_status=IN_PROGRESS&component=Vulnerabilities&email1=sparc%40gentoo.org&emailcc1=1&emailtype1=substring&list_id=3364584&product=Gentoo%20Security&query_format=advanced&resolution=--- |
| 53 | |
| 54 | [4]: |
| 55 | https://www.gentoo.org/support/security/vulnerability-treatment-policy.html |
| 56 | |
| 57 | [5]: https://www.gentoo.org/support/security/ |
| File name | MIME type |
|---|---|
| signature.asc | application/pgp-signature |
| Subject | Author |
|---|---|
| Re: [gentoo-project] Call for agenda items - Council meeting 2016-12-11 | Agostino Sarubbo <ago@g.o> |