From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id E9097138334 for ; Tue, 4 Dec 2018 09:55:18 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id A381DE098E; Tue, 4 Dec 2018 09:55:17 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 57D17E097C for ; Tue, 4 Dec 2018 09:55:16 +0000 (UTC) Received: from [10.100.0.26] (host-37-191-231-105.lynet.no [37.191.231.105]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: k_f) by smtp.gentoo.org (Postfix) with ESMTPSA id CC236335C38; Tue, 4 Dec 2018 09:55:14 +0000 (UTC) To: gentoo-project@lists.gentoo.org, =?UTF-8?B?TWljaGHFgiBHw7Nybnk=?= References: <1543149110.17973.1.camel@gentoo.org> <2a393e89-3156-9666-de46-2faf2fd1f7e3@gentoo.org> <20181204001604.GK16376@monkey> <1543894892.810.5.camel@gentoo.org> From: Kristian Fiskerstrand Openpgp: preference=signencrypt Autocrypt: addr=k_f@gentoo.org; prefer-encrypt=mutual; keydata= xsFNBEdj//4BEAC3zjKRryW1mLec38x0w9ByG50h6KJddkZe3UNdGhAa3S5E4NAi/fUoe3gD LUDDmpHZNqtbMgrobwUNjLrp+PDZNdMJFAnbWXvmsMwuax0SWJzy4alem34tvir3a2PpnVr9 ylyAyxPChMM0ANelT/fiYIEysjAbHXjri89qdT+yA16CMljoun7vIOmq7ohKdNd1Dci6qoyj 0NllvR2AiBI+ZJnoF4hkRKO1PNUJROzn/ku88idaNkWyq7rREI+WkhS+K6xg1R/d6mTp+bHP tmwGlN4U1Lgx9qeitYzirkQeA8EGK/EEPPZG85WvXSrTftoPvQswOtW7I+jkTdd30GHXf6JH Rq4oR0mT65mqckycPjXNw6RM0fxyx06/kbVG8x3tzc3roJF+hR+h5QWIWsQOc3ZAhbJPWnfP D/kEN20yvb6EXWha+70QJbrBsnN0M8MLF7x+ZWTKESOVpshUBG67iq/FWCpv3st2VTq4M0Ep b/ORIKlfEgSsGv6waooF0ik41ey3k6PIcuHTq/sCoFoC6EH75wqsbmLkVSyqTKm3MSjlN26d ei425iCXJSyH0L1WmeS0i0rzcF5BCu9V280DmNFHWkr4iHiyrVcNyccocMTeh6/ZG7XSI0wc TONVNnKtofVHkzwHMdDlDx4lFRG+V0ftimR5THlxtG8AzQKY9QARAQABzUJLcmlzdGlhbiBG aXNrZXJzdHJhbmQgPGtyaXN0aWFuLmZpc2tlcnN0cmFuZEBzdW1wdHVvdXNjYXBpdGFsLmNv bT7CwX8EEwEIACkCGwMCHgECF4ACGQEFCwkIBwMEFQoJCAUWAgMBAAUCWiWhXAUJFMX2sgAK CRALf4tg4+364/YeEACSDL8stCAArMoqgXlTAdAKQFedJHyoS2QFVzuLx+k7CCGt0jVrNh3d HRQ92pF2QJScWKw76/LHvh6lMBPJwBEXRIvQNDNUb/zyBx96FipC+Dkd8Fxu3s4W+6YCqUBa lmC5XKB6uF/W5wanvpAn1K8bvUb3sq86RYTD0qZui4LMhvm8A0A1Na4+ZeGyfBFhcH5Oh+nh wkZjL7mbMTe25QCeCs4wQpYowia70EZLcQF4MboF9GzH5PIb0ipG5Jtfk9QfSlT+bnkRL1KR DR6rHo7iAYcMt4oJVU1qo1akSBe0MsMI37OdWDtNvUy2Svd2BCLZl49KZnErleC3R/axrtkL 2w1f0P4FoiuPq7mPeiUBhLaZLlc2fz490cEwjsgsY6GuiCWlbyjBMtp0OKM4VBqt5tdxBo/R X5Y6kNOGWpDHx8D+Dl8ToTDJuH2I0k2wfcUibYzWfwXpPpwZ5iXidwLYXbBQ2qqlyB7MP3Po z3zl+UulJyxIYGjg2sO4FmmRs0tThceaNIiDtP5uPLu77oCkAAsWuFSfa6Iwq9+PIQTqTFhH nJ1v/xrdqKWSYB6tm9Tkb0KkUKxFhc7QVyphvh473UEAQ78bQFWrGHqiejQtiiR3MOubwUyt YkNi+ef068rs27SPfRmBAvRw2EMZWhWyX/P2xM4PPp24reOn4ZuAAM7ATQRVZfyNAQgAvppy gWUI21WpA8IZZC+HXywKOqAIXgEQG8m62kVE048A8gjwk8vcmDKU0vlD6OGZ0capeWzWK5kN Gi8kl4ejvgULXKQCAV8ycEUWXmBSmzabhGruMY96Hy1OILc9tb3Wpg3wggW+PZjc5IuLIa1k 9AiDg6SQExDhC27x1EUKZkxkIG+EThSKHbCFB3t4tbwlI8Na4LUfjOxCILA2KVl7CXD/eUNr apJeSGJOtYEhgNFhuHoSG7Po9k6cy2eRrviq9X9cEW10Y3ocCypKvenuUjrN4bUd0IUsODLy cZ3aL+zEmIdhZsG7dQeFmFeJKK+XDgLIMNgr+EP9+89U/COZ5QARAQABwsFlBBgBCAAPAhsM BQJaJaF0BQkGw/ojAAoJEAt/i2Dj7frjgbYQAIYDkXvyczRVnEZloYQbHsqjGwekWXTkTk74 yYF5U+GoGGzbdFAmF2FhhWxlwIoPLtWoUXmdBknyqtAHCIlYrqPi0fsY6SdIU3qdDDESjR9g ixoPKOP5pFRC3KsPn0MNUXElbkdHvn0YSjuj0GdBi8YUa1XGRNW/O8PH4HP900OipflQhuEC 3yI5AYiq+Grd80RzJg8F108bn8YmoHapV5zZGfzp5L3pHCNOGsBlpTDrQA3XvlKti3AujaF8 8Nq3tj5kTsj73I30WOctGH3d9QWdySuK5RekAYvMSHU7M9oHtwV9dfVdRFbbuP4fhf+yF56S yu0k7jGe8e0d1xshwOMIXu8/3z4hYOpPfAvkl7n3QNHeqtT1KwRYqCCwKeK8pKZZlsBJ3D6X PuEZyTc/JIiZr8yALslTYubCCNyYQj7fByxM7neVPPaciNhbkGHImwfJGPBSEuP/UXciroUc rvwwGfY76+WvezaU+O3SLcrT9i+emo9uA14Syb51RWz8h/x55Yu2UpONhArhearvW+0kJBx/ YzG0Us7TLMNAiiQYlGibMmaBgRWW33vMXWT9H3FIN8L1NI/Qvy3/N0zDHawUOUvVMNtAzbWe xFtxXQ7zyxLUBHHhFdezpWyXmm71qEaOMdDLnTwLqv3ENHUfZzmCc2KtZjTX0qrgBQD08nPn Subject: Re: [gentoo-project] Re: [gentoo-dev-announce] Call for agenda items - Council meeting 2018-12-09 Message-ID: <1c00c4da-8369-6539-2156-cf5b4375976e@gentoo.org> Date: Tue, 4 Dec 2018 10:54:58 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.3.1 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Project discussion list X-BeenThere: gentoo-project@lists.gentoo.org Reply-To: gentoo-project@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 In-Reply-To: <1543894892.810.5.camel@gentoo.org> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-Archives-Salt: c26b0c03-859a-41a7-a871-1962d1b87b4a X-Archives-Hash: d97304f01e308d7664beea68c2f022a2 On 12/4/18 4:41 AM, Michał Górny wrote: > Are you asking the Council to make a policy for security team, > or to override the existing policy of security team? Because this > sounds like you're implying that security team can't make up their mind. This is indeed part of the ongoing discussion surrounding the GLEP for the security team; Before anything should go to council on this we need to put the the current draft up for a public discussion on the -project mailing list. > > Also, if the Council votes 'yes', what happens next? Does security > accept all stable arches? Do stable arches get demoted implicitly based > on security project considerations? The assumption would be that security needs to have a say for whenever an arch is added or if requesting to remove an arch. To balance this a a GLEP48-style/QA-style lead approval process is added and criteria to be used for such determination is included. Personally I don't see a problem with the status quo where security supported arches is listed as part of security project's documentation, and removals announced etc. The actual security implication for a lot of these arches will anyways be impacted by members of the team having limited knowledge of particulars, in particular when it come to auditing due to difference in assembly etc, so the major arches will anyways have a better foundation for being handled by the team, so security is relative to what we claim to know and do. In any case, too early for the council to do anything here. -- Kristian Fiskerstrand OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3