From: Rich Freeman <rich0@gentoo.org>
To: gentoo-dev <gentoo-dev@lists.gentoo.org>
Subject: Re: [gentoo-dev] net-dns/dnssec-root: Blind stable on arm, critical bug 667774
Date: Sat, 20 Oct 2018 09:29:32 -0400 [thread overview]
Message-ID: <CAGfcS_nW5qCCNKV=k-zVG7H5V4PrDCka4VFb1WuMtCt75rb1pg@mail.gmail.com> (raw)
In-Reply-To: <13279775.bTPpegArPH@tuxk10>
On Sat, Oct 20, 2018 at 8:19 AM Andreas Sturmlechner <asturm@gentoo.org> wrote:
>
> On Freitag, 12. Oktober 2018 14:50:55 CEST Rich Freeman wrote:
> > ARM is not a Gentoo security supported arch.
> >
> > If the ARM maintainers feel that stable keywords make the lives of
> > their users better, and it isn't causing problems for anybody else,
> > I'm not sure why we should be interfering with this.
>
> That's interesting. If it's not security supported, does that mean we can
> simply clean up vulnerable versions and drop every arm revdep to ~arm?
>
> Or are we supposed to keep vulnerable versions around and drop every keyword
> except arm?
>
Setting aside the security supported flag that was already discussed,
there is also a council decision regarding this general topic [1].
The only issue is that I'm not certain if it was intended to apply to
ARM, or only to specific arches [2].
The last policy was:
"If a maintainer has an open STABLEREQ, or a KEYWORDREQ blocking a
pending STABLEREQ, for 90 days with archs CCed and otherwise ready
to be stabilized, the maintainer can remove older versions of
the package at their discretion. A package is considered ready to be
stabilized if it has been in the tree for 30 days, and has no known
major flaws on arches that upstream considers supported." [1]
IMO that was written generically enough that it could apply anywhere,
but that is up to the Council. In theory it could even be safely
applied to x86/amd64, especially since maintainers can
self-stabilize/keyword on those arches typically.
[1] - https://projects.gentoo.org/council/meeting-logs/20131119-summary.txt
[2] - https://projects.gentoo.org/council/meeting-logs/20130917-summary.txt
--
Rich
next prev parent reply other threads:[~2018-10-20 13:29 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-11 15:10 [gentoo-dev] net-dns/dnssec-root: Blind stable on arm, critical bug 667774 Thomas Deutschmann
2018-10-11 15:45 ` Corentin “Nado” Pazdera
2018-10-11 17:04 ` Thomas Deutschmann
2018-10-11 17:07 ` Alec Warner
2018-10-11 18:07 ` Marc Schiffbauer
2018-10-11 15:48 ` Alec Warner
2018-10-11 17:14 ` Thomas Deutschmann
2018-10-12 10:07 ` Jeroen Roovers
2018-10-12 12:50 ` Rich Freeman
2018-10-20 12:19 ` Andreas Sturmlechner
2018-10-20 12:22 ` Mikle Kolyada
2018-10-20 12:26 ` Andreas Sturmlechner
2018-10-20 12:56 ` Mikle Kolyada
2018-10-20 13:29 ` Rich Freeman [this message]
2018-10-11 23:38 ` Sergei Trofimovich
2018-10-12 0:40 ` Thomas Deutschmann
2018-10-12 7:28 ` Sergei Trofimovich
2018-10-12 2:12 ` Matt Turner
2018-10-12 13:47 ` [gentoo-dev] " Mikle Kolyada
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAGfcS_nW5qCCNKV=k-zVG7H5V4PrDCka4VFb1WuMtCt75rb1pg@mail.gmail.com' \
--to=rich0@gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox