From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1JBLlW-000539-S0 for garchives@archives.gentoo.org; Sun, 06 Jan 2008 03:01:35 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.14.2/8.14.0) with SMTP id m06308uJ002661; Sun, 6 Jan 2008 03:00:08 GMT Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by robin.gentoo.org (8.14.2/8.14.0) with ESMTP id m062veoR029979 for ; Sun, 6 Jan 2008 02:57:40 GMT Received: from [192.168.1.150] (adsl-65-67-72-193.dsl.fyvlar.swbell.net [65.67.72.193]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTP id CA1C665805 for ; Sun, 6 Jan 2008 02:57:39 +0000 (UTC) Message-ID: <47804394.50101@gentoo.org> Date: Sat, 05 Jan 2008 20:57:24 -0600 From: Martin Jackson User-Agent: Thunderbird 2.0.0.9 (Windows/20071031) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] Re: Re: Monthly Gentoo Council Reminder for January References: <20080101103002.083C4652C4@smtp.gentoo.org> <54551.192.168.2.159.1199365359.squirrel@www.aei-tech.com> <477D75CA.1030003@gentoo.org> <20080104000155.23e056b4@snowcone> <20080104004653.039f488e@snowcone> <20080104012750.63f4f23a@snowcone> <63044.68.54.223.178.1199445791.squirrel@www.aei-tech.com> <20080104210213.50a99e6b@snowcone> <61164.68.54.223.178.1199485599.squirrel@www.aei-tech.com> <20080104223754.3fb48b85@snowcone> <1199506818.7609.30.camel@inertia.twi-31o2.org> <20080105043233.0935d2f8@snowcone> <20080105124751.0bef4908@gentoo.org> <20080106003246.6e4b6425@snowcone> <20080106013630.7e0a504b@snowcone> <47803A61.7000600@gentoo.org> <20080106022402.01174707@snowcone> <47803DA9.10000@gentoo.org> <20080106023852.25b42e4b@snowcone> In-Reply-To: <20080106023852.25b42e4b@snowcone> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Archives-Salt: b50ca8ce-c5d6-4730-9223-e353b25ef4a0 X-Archives-Hash: ef54b8fa10433a8523fb0523c4fd8ef3 Ciaran McCreesh wrote: > On Sat, 05 Jan 2008 20:32:09 -0600 > Martin Jackson wrote: >>> Perhaps you should have explicitly stated in the bug that it was for >>> security reasons and thus a priority. Make things easy for the arch >>> teams -- if you have useful information like that, provide it in an >>> easy to see place. Looking at that bug, I don't see anything >>> indicating that there's any reason it should have been considered >>> over more widely used packages. >> Because setuptools is not widely used? >> >> The sec bug was (and remains) linked as a blocker. Is that not >> explicit or easy enough? > > When arch people get dozens to hundreds of bug emails per day, no, it's > not. A simple "this is now a security issue, see bug blah" makes it an > awful lot easier for arch people to prioritise -- emails that merely > show blockers added or removed tend to get ignored because a) they're > almost always meaningless changes from the arch team's perspective, and > b) the bug email doesn't convey any useful information on its own > anyway. > To be clear, the security issue didn't arise until November 7, 2007. The request to keyword setuptools was *not* a security issue until then. Thanks, Marty -- gentoo-dev@gentoo.org mailing list