From: Pacho Ramos <pacho@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] About changing security policy to unCC maintainers when their are not needed
Date: Wed, 12 Sep 2012 20:53:20 +0200
Message-ID: <1347476000.2365.14.camel@belkin4>
In-Reply-To: <20120912202932.1fc1adbb@marga.jer-c2.orkz.net>
On Wed, 12-09-2012 at 20:29 +0200, Jeroen Roovers wrote:
> On Wed, 12 Sep 2012 19:59:01 +0200
> Pacho Ramos <pacho@gentoo.org> wrote:
>
> > Hello
> >
> > Currently, package maintainers are CCed to security bugs when they
> > are needed. The problem is that, once maintainers add a fixed version
> > and tell security team they are ok to get it stabilized, maintainers
> > are kept CCed until bug is closed by security team. This usually means
> > getting a lot of mail after some time when security team discuss if a
> > GLSA should be filed or not, if security bot adds some comment...
> > some of those comments are applied to really old bugs that need no
> > action from maintainers.
>
> So you would want to be re-CC'd when it is time to remove the vulnerable
> versions, I guess.

Personally, I have never been asked by them to remove old vulnerable
versions (and this refers to bugs I get from gnome and dotnet herds).

>
> Also, I have problems with stating "getting too much mail" as the
> actual problem.

The problem is that one and, also, getting a comment months after the
fixed version was stabilized with a comment like "GLSA vote = no" or
similar. That comment is only useful to the security team.

> Perhaps your brain or your computer can smartly filter
> them out?

Perhaps things can be enhanced to not send useless mails that will need
to get removed just after they are received; this is pretty annoying when I
fetch a ton of mails after being out during August.

>
> > Maybe it would be interesting to change the policy to unCC maintainers
> > again when their action is no longer required.
>
> You can un-CC yourself. I don't see why security@ should be doing the
> legwork.
>
>

It shouldn't be so hard to do, they can do it just when they CC arches,
instead of relying on some random team member to do it himself once a
useless message is received.

> jer
>
>