From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 90DDC138010 for ; Thu, 13 Sep 2012 13:49:37 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 8CD2021C005; Thu, 13 Sep 2012 13:49:25 +0000 (UTC) Received: from mail.a3li.li (sawfish.a3li.li [89.238.78.10]) by pigeon.gentoo.org (Postfix) with ESMTP id E8153E062B for ; Thu, 13 Sep 2012 13:48:17 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.a3li.li (Postfix) with ESMTP id CC45B2226E6 for ; Thu, 13 Sep 2012 15:48:16 +0200 (CEST) X-Virus-Scanned: amavisd-new at a3li.li Received: from mail.a3li.li ([127.0.0.1]) by localhost (stingray.a3li.info [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 96mcqfUPMEt5 for ; Thu, 13 Sep 2012 15:48:15 +0200 (CEST) Received: from [192.168.1.123] (dslb-088-067-212-057.pools.arcor-ip.net [88.67.212.57]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mail.a3li.li (Postfix) with ESMTPSA id 9E3702226D1 for ; Thu, 13 Sep 2012 15:48:15 +0200 (CEST) Message-ID: <5051E41C.1060809@gentoo.org> Date: Thu, 13 Sep 2012 15:48:12 +0200 From: Alex Legler User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120606 Thunderbird/13.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] About changing security policy to unCC maintainers when their are not needed References: <1347472741.2365.5.camel@belkin4> In-Reply-To: <1347472741.2365.5.camel@belkin4> X-Enigmail-Version: 1.5pre Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------enig9B61D93880066137A3EED51E" X-Archives-Salt: 934203d0-cef1-4116-811c-7b78def0b697 X-Archives-Hash: 1a9b4b17003b33f25c2ccff8d8aedeea This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig9B61D93880066137A3EED51E Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 12.09.2012 19:59, Pacho Ramos wrote: > Hello >=20 > Currently, package maintainers are CCed to security bugs when their are= > needed. The problem is that, once maintainers add a fixed version and > tell security team they are ok to get it stabilized, maintainers are > kept CCed until bug is closed by security team. This usually means > getting a lot of mail after some time when security team discuss if a > GLSA should be filled or not, if security bot adds some comment... some= > of that comments are applied to really old bugs that need no action fro= m > maintainers.=20 >=20 > Maybe would be interesting to change the policy to unCC maintainers > again when their action is no longer required. >=20 > What do you think? Sorta OT but a general thing: I think you should CC teams you want to talk to and not only use the gentoo-systemd-flamewars^W^W-dev mailing list where these teams might only find your post by chance. >=20 > Thanks for your thoughts=20 >=20 --=20 Alex Legler Gentoo Security/Ruby/Infrastructure --------------enig9B61D93880066137A3EED51E Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCAAGBQJQUeQfAAoJEDa6ZWES7jAATVEP/iorn8ap9RdeNpjzcOoKkxB2 1aj5VsNFZL1m+/H1WShzEB765GJZJZq5fy5qZwCdeOxttGv3SkkkZ9vVmxnEpufo OIkJGVgwIxDCdprlZ+o4tpL8phYzeQheD8kn/I5J71SjJzw7Kcoou6DwCOfkcY9A qy1zNJPyQDEZTEFUmhoIhxrQNsYAawsypvcyyfQe9k0FfZEi2liiD0dSaPoMOset HEItir0y9qcPIRt97muid3IhoYvARGn77Wcr+HGBx0d/IxMmjflVAqrkrvhNyQBy hl9e70Zpo64rcZy0XmiQnkNcRB6HqXXgmS7yDdphLRUmTiwtJeIYEqa8gXKTxnh4 6dPRHeAomO8S5mj9/Y0gbDhitV/ex4PSFLKkU+plwKOkejZ6Y6DPmY07Pf4C0+/B MoX7YxoETOmJFEM3q4XLP7/1+RGDTdaj9PA5f2Q65Zb9oAi8rNFKL0pDCn3WSY/q HLGdfLEThDRrz39dUR7U6dy/Vsx/Dm5ErMV/6pEhcz02XL/yBJlYojJlZ9IB4iIC Sd1eRQ9UrGlnYkUsQ0mdb+cPMv/IPq8/P4228tVgTvFfAezPv64ZWBdjhGi1TtmR 1nq41GKH8ygA6J3PtwZJfoWWgzTsQVr81C2uBi4Z3hVo1+5QIeC1bajYASp7/8ap /hz4fPW0mfGRPyhhF0q/ =cSg7 -----END PGP SIGNATURE----- --------------enig9B61D93880066137A3EED51E--