Date: Fri, 14 Sep 2012 07:33:18 -0400
Subject: Re: [gentoo-dev] Re: About changing security policy to unCC maintainers when their are not needed
From: Rich Freeman
To: gentoo-dev@lists.gentoo.org
Cc: security@gentoo.org

On Fri, Sep 14, 2012 at 7:15 AM, Alex Legler wrote:
> A general note: The request makes one wonder a bit how much you actually
> care about your package if a few emails disturb you. Arches, Security,
> and users reporting issues are trying to help you get the package into a
> good shape.

I suspect that this concern arose in part due to a series of around two dozen bug comment emails that were sent to the chromium@ alias in the span of a day relating to security problems for versions as old as chromium-7. I doubt anybody anywhere still cares about security problems with chromium 7 - just about every major chromium release contains security fixes, so if you aren't on the latest major version you're guaranteed to be vulnerable. A good tip is that if you haven't worked out your CPUs in the last two weeks on a chromium build, you're out of date.

I suspect this is a bit of a one-off as the security team continues to catch up from a past hiatus (stabilizations were getting done, but GLSAs were never issued). I remember there being a wave of ancient GLSAs a few months ago, but perhaps the entire queue wasn't flushed out. Aliases that pertain to a large number of security-affected packages were probably disproportionately impacted.

So, if this is a one-off then perhaps we shouldn't use it as the basis for policy changes. That said, I think your proposal to allow maintainers to un-CC themselves after the tree is cleaned up makes sense.

Rich