From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id F0866138010 for ; Wed, 12 Sep 2012 18:01:06 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 0CE9F21C043; Wed, 12 Sep 2012 18:00:42 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id 372CF21C036 for ; Wed, 12 Sep 2012 17:59:11 +0000 (UTC) Received: from [192.168.1.33] (198.red-80-29-44.adsl.static.ccgg.telefonica.net [80.29.44.198]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: pacho) by smtp.gentoo.org (Postfix) with ESMTPSA id D2CFC33C73D for ; Wed, 12 Sep 2012 17:59:09 +0000 (UTC) Subject: [gentoo-dev] About changing security policy to unCC maintainers when their are not needed From: Pacho Ramos To: gentoo-dev@lists.gentoo.org Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-B0s01dCHco9aEFZQd70p" Date: Wed, 12 Sep 2012 19:59:01 +0200 Message-ID: <1347472741.2365.5.camel@belkin4> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 X-Mailer: Evolution 2.32.3 X-Archives-Salt: 659b19be-3116-4f41-8ab7-948f439e9c48 X-Archives-Hash: a3bf4f4c285abe35ee56640ba1acbcf8 --=-B0s01dCHco9aEFZQd70p Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hello Currently, package maintainers are CCed to security bugs when their are needed. The problem is that, once maintainers add a fixed version and tell security team they are ok to get it stabilized, maintainers are kept CCed until bug is closed by security team. This usually means getting a lot of mail after some time when security team discuss if a GLSA should be filled or not, if security bot adds some comment... some of that comments are applied to really old bugs that need no action from maintainers.=20 Maybe would be interesting to change the policy to unCC maintainers again when their action is no longer required. What do you think? Thanks for your thoughts=20 --=-B0s01dCHco9aEFZQd70p Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEABECAAYFAlBQzWUACgkQCaWpQKGI+9T2CQCfc/3OobACt66RfvMFsGPfVP0z CCUAn0xy4jg+WILKtRkKIWSVo/4t1Wy8 =jQEk -----END PGP SIGNATURE----- --=-B0s01dCHco9aEFZQd70p--