From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.62) (envelope-from ) id 1I0kwr-0003Ys-Ki for garchives@archives.gentoo.org; Tue, 19 Jun 2007 21:09:14 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.14.0/8.14.0) with SMTP id l5JL7WVj025905; Tue, 19 Jun 2007 21:07:32 GMT Received: from home.coming.dk (3305ds1-ar.1.fullrate.dk [90.185.22.159]) by robin.gentoo.org (8.14.0/8.14.0) with ESMTP id l5JL5I1s023233 for ; Tue, 19 Jun 2007 21:05:18 GMT Received: from localhost (localhost [127.0.0.1]) by home.coming.dk (Postfix) with ESMTP id 8B8C23DE41 for ; Tue, 19 Jun 2007 23:05:18 +0200 (CEST) X-Virus-Scanned: amavisd-new at home.coming.dk Received: from home.coming.dk ([127.0.0.1]) by localhost (littlelaughs.home.coming.dk [127.0.0.1]) (amavisd-new, port 10024) with LMTP id fyrLhiAk92Qz for ; Tue, 19 Jun 2007 23:05:16 +0200 (CEST) Received: from [10.0.0.245] (unknown [10.0.0.245]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: jaervosz@coming.dk) by home.coming.dk (Postfix) with ESMTP id 346F8242E0 for ; Tue, 19 Jun 2007 23:05:16 +0200 (CEST) From: Sune Kloppenborg Jeppesen To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] Determining ebuild stability and the 30 day suggestion Date: Tue, 19 Jun 2007 23:05:14 +0200 User-Agent: KMail/1.9.5 References: <46701D06.5080302@gentoo.org> <1182220375.8229.16.camel@localhost> <46775E51.9040708@gentoo.org> In-Reply-To: <46775E51.9040708@gentoo.org> Organization: Gentoo Linux Security Team Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Message-Id: <200706192305.14985.jaervosz@gentoo.org> X-Archives-Salt: 9e37fd09-8e72-44ad-8f4a-764344751a8c X-Archives-Hash: e84391fc37add065a247c4eeb3b7ea20 On Tuesday 19 June 2007 06:40, Luis Francisco Araujo wrote: > I use to ask for stabilization of the new version of a package > immediately if it is supposed to fix an *important* security problem in > the package, so that way we spread as soon as possible the new fix to > our users. > > Not sure if this is documented somewhere as an exception to the 30 days > rule, but i have not had problems so far and the stabilization teams > have been willing to help me in such a cases. We (the security team) ask for stabilization sooner than 30 days according = to=20 our policy=B9. AFAIR it has only resulted in a few glitches now and then. W= hen=20 they happen they should be assigned to us to fix any regression. =B9 http://www.gentoo.org/security/en/vulnerability-policy.xml =2D-=20 Sune Kloppenborg Jeppesen Gentoo Linux Security Team -- gentoo-dev@gentoo.org mailing list