| 1 |
On Mon, 2018-12-03 at 19:16 -0500, Aaron Bauman wrote: |
| 2 |
> > On 25.11.2018 15:31, Mart Raudsepp wrote: |
| 3 |
> > > In two weeks from now, there will be a council meeting again. Now is |
| 4 |
> > > the time to raise and prepare agenda items that you want us to discuss |
| 5 |
> > > and/or vote upon. |
| 6 |
> > > |
| 7 |
> > > Please respond to this message on the gentoo-project mailing list with |
| 8 |
> > > agenda items. |
| 9 |
> > > The final agenda will be sent out on 2018-12-02, so please make sure |
| 10 |
> > > you post any agenda items before that, or we may not be able to |
| 11 |
> > > accommodate it into the next meeting. |
| 12 |
> > > |
| 13 |
> > > The meeting itself will happen on 2018-12-09 19:00 UTC [1] in the |
| 14 |
> > > #gentoo-council FreeNode IRC channel. |
| 15 |
> > > |
| 16 |
> > > |
| 17 |
> > > 1. https://www.timeanddate.com/worldclock/fixedtime.html?iso=20181209T19 |
| 18 |
> > > |
| 19 |
> > > |
| 20 |
> > > Thanks, |
| 21 |
> > > Mart Raudsepp |
| 22 |
> |
| 23 |
> I would like to propose, once again, that the council vote on the |
| 24 |
> following items: |
| 25 |
> |
| 26 |
> 1. The council approves all architectures that are maintained as stable |
| 27 |
> architectures. |
| 28 |
> - e.g. alpha, amd64, arm, arm64, ia64, ppc, ppc64, and x86. |
| 29 |
> |
| 30 |
> Conversely, the council also may remove/drop such architectures as |
| 31 |
> needed (c.f. item 2). |
| 32 |
|
| 33 |
What happens if Council votes 'no' to this item? Do all arches become |
| 34 |
unstable? |
| 35 |
|
| 36 |
Don't introduce votes for confirming status quo because they make no |
| 37 |
sense. If there's a specific change you're proposing, propose it |
| 38 |
and be specific so that people can discuss it ahead of time. |
| 39 |
|
| 40 |
> 2. The council approves that all stable architectures are subsequently |
| 41 |
> determined to be security supported. Thus, an architecture may not be |
| 42 |
> stable and *not* security supported. This disparity has implications in |
| 43 |
> processes and timeliness of actions taken to mitigate vulnerabilities |
| 44 |
> reported. |
| 45 |
> - e.g. amd64 is approved as stable arch and thus is security supported. |
| 46 |
> - e.g. arm is dropped as a stable arch thus is no longer security supported. |
| 47 |
> |
| 48 |
> Overall, both of these items will provide a much clearer understanding |
| 49 |
> of how security is able to proceed with mitigating vulnerabilities in |
| 50 |
> the tree, how users view and understand what architectures are stable |
| 51 |
> and security supported, and allow the security team and maintainers a |
| 52 |
> clearer/cleaner process to follow. |
| 53 |
> |
| 54 |
|
| 55 |
Are you asking the Council to make a policy for security team, |
| 56 |
or to override the existing policy of security team? Because this |
| 57 |
sounds like you're implying that security team can't make up their mind. |
| 58 |
|
| 59 |
Also, if the Council votes 'yes', what happens next? Does security |
| 60 |
accept all stable arches? Do stable arches get demoted implicitly based |
| 61 |
on security project considerations? |
| 62 |
|
| 63 |
-- |
| 64 |
Best regards, |
| 65 |
Michał Górny |
Archives