From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 9512358973 for ; Thu, 21 Jan 2016 17:36:19 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 18EB821C064; Thu, 21 Jan 2016 17:36:04 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 1F3B021C03F for ; Thu, 21 Jan 2016 17:36:02 +0000 (UTC) Received: from [10.144.0.5] (host-37-191-220-247.lynet.no [37.191.220.247]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: k_f) by smtp.gentoo.org (Postfix) with ESMTPSA id CECAF340906 for ; Thu, 21 Jan 2016 17:36:00 +0000 (UTC) Subject: Re: [gentoo-dev] [RFD] Adopt-a-package, proxy-maintenance, and other musings References: <569DCD51.6000501@gentoo.org> <20160121165358.GA18561@whubbs1.gaikai.biz> <20160121181528.30e3ec4d@gentoo.org> <56A11481.20807@gentoo.org> <20160121183018.112c15a6@gentoo.org> To: gentoo-dev@lists.gentoo.org From: Kristian Fiskerstrand Message-ID: <56A116FC.1030706@gentoo.org> Date: Thu, 21 Jan 2016 18:35:56 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 In-Reply-To: <20160121183018.112c15a6@gentoo.org> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Archives-Salt: 9be633f1-096b-4d4e-a4d2-3aeafe66353d X-Archives-Hash: 5b32da990459d9858893530793f4153d -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 01/21/2016 06:30 PM, Alexis Ballier wrote: > On Thu, 21 Jan 2016 18:25:21 +0100 Kristian Fiskerstrand > wrote: > >> However it can cause complications when issues are detected, in >> particular security relevant ones. Attaching a CSV of bugs >> assigned to security with maintainer-needed CCed. >> >> e.g app-text/htmltidy has multiple reverse dependecies but is >> itself maintainer needed with at least two vulnerabilities (bug >> 561452) >> > > well, 'not ( forall x, x is m-n, x is crap )' and 'exists x, x is > m-n, x is crap' don't necessarily disagree either :) > Indeed, however it does cause issues with assignment when security vulnerabilities are reported, as nobody is CCed to handle it if m-n. So this list needs to be actively maintained and treecleaning is difficult with reverse deps involved. ... we might get around this by amending procedures to CC every maintainer of reverse deps in these cases though (and if no rdep simply treeclean it). - -- Kristian Fiskerstrand Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJWoRb4AAoJECULev7WN52F4ZMH/i4c5tSxJqgPmJY07c4qFkfL N2cNWz+lRe9xr/VQxS9kLwG9IlqEJMMe4A6f2MvIeKwgN3A+HpLHQrEfK7we6Ctl +wy25IxEWbfk8ajuXU89qYN29CIeZcunhcNkA/5WvZSI4fiakxMkP2aDq9nSl+t3 VJ5V54jVEQGvS4vBcR8hKSU7uW5fnwWFIRxV4TFeD+wQNEIDdF8dMEvvqdJUpKuj 5LzlLnXXjBW9vB53wM8n0BsufLVOK/xU1Cx8AJabqmoUX5O+NdlDTXks2r/yuVUk YAze94Pb4oFKUSsQ0eHObr7vXXkpFQgwA4c4H0u75y5zAtaSDQFJ+8Fg7qIvb1k= =NQwO -----END PGP SIGNATURE-----