Re: [gentoo-project] Re: [gentoo-dev-announce] Call for agenda items - Council meeting 2018-12-09

[Mart Raudsepp <leio@gentoo.org>]

[-- Attachment #1: Type: text/plain, Size: 2390 bytes --]

Ühel kenal päeval, T, 04.12.2018 kell 10:54, kirjutas Kristian
Fiskerstrand:
> On 12/4/18 4:41 AM, Michał Górny wrote:
> > Are you asking the Council to make a policy for security team,
> > or to override the existing policy of security team?  Because this
> > sounds like you're implying that security team can't make up their
> > mind.
> 
> This is indeed part of the ongoing discussion surrounding the GLEP
> for
> the security team; Before anything should go to council on this we
> need
> to put the the current draft up for a public discussion on the
> -project
> mailing list.
> 
> > 
> > Also, if the Council votes 'yes', what happens next?  Does security
> > accept all stable arches?  Do stable arches get demoted implicitly
> > based
> > on security project considerations?
> 
> The assumption would be that security needs to have a say for
> whenever
> an arch is added or if requesting to remove an arch. To balance this
> a a
> GLEP48-style/QA-style lead approval process is added and criteria to
> be
> used for such determination is included.
> 
> Personally I don't see a problem with the status quo where security
> supported arches is listed as part of security project's
> documentation,
> and removals announced etc. The actual security implication for a lot
> of
> these arches will anyways be impacted by members of the team having
> limited knowledge of particulars, in particular when it come to
> auditing
> due to difference in assembly etc, so the major arches will anyways
> have
> a better foundation for being handled by the team, so security is
> relative to what we claim to know and do.
> 
> In any case, too early for the council to do anything here.

Given this subthread and the points about GLEP, I'm not sure how we can
discuss these things without even having seen the security GLEP update
proposal yet. Thus I will not add these items to the agenda (we can
also call them proposed over a day late, if you want), but rather
explicitly bring out the open bug about the GLEP update, as it keeps
getting delayed from meeting to meeting. Hopefully this (and it being a
prerequisite for the "rejected" agenda items) brings more attention to
it and at least something becomes ready and appears to the public.

That said, I would very much welcome b-man with this topic to the open
floor.


Mart

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 981 bytes --]