From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 4F38B138A1A for ; Wed, 7 Jan 2015 17:45:10 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 1BEB4E086D; Wed, 7 Jan 2015 17:45:09 +0000 (UTC) Received: from mail-ig0-f182.google.com (mail-ig0-f182.google.com [209.85.213.182]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id A520BE086C for ; Wed, 7 Jan 2015 17:45:08 +0000 (UTC) Received: by mail-ig0-f182.google.com with SMTP id hn15so1698800igb.3 for ; Wed, 07 Jan 2015 09:45:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:content-type; bh=Njn6EBsizKc0fuGExma/xITlatcrSlBEfWV5lvl926g=; b=TXQgd30mnRJZbaU/7oaKf5LHTLPrUuKi2EgTBuWYwm+rfwIXj7sVJnj173q+v5HK90 cdiLR0LQrc1+Lc1pCEFncJfoGLlfcn86DJcxEYFNeYL/UuEOUyaot+Vg17EStWmyt2e9 /alHto1f8PB6mp4kkJzlVLXH0zGo+xO6sKHJeRJw++kEhRML1poYM7wxlfqiHwb8f2Wc 69pW59ZF/u9praYq4kbb3d930TETjymrK2fgaIxZWFjyyhxYzUhinNvAe/xCUcIse7aw yfmXlWc9At9aKDmuaCM6v/r1633m+5+3S+Zd39xDCXYXIaPsCXKW3SyKbpFpCuTlzT63 0d6A== Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Project discussion list X-BeenThere: gentoo-project@lists.gentoo.org Reply-To: gentoo-project@lists.gentoo.org MIME-Version: 1.0 X-Received: by 10.50.25.166 with SMTP id d6mr23080027igg.41.1420652707946; Wed, 07 Jan 2015 09:45:07 -0800 (PST) Sender: freemanrich@gmail.com Received: by 10.107.182.133 with HTTP; Wed, 7 Jan 2015 09:45:07 -0800 (PST) In-Reply-To: <20150107163052.GA7151@linux1> References: <201412271334.34252.dilfridge@gentoo.org> <20150107163052.GA7151@linux1> Date: Wed, 7 Jan 2015 12:45:07 -0500 X-Google-Sender-Auth: pitbuzfbDuO8U3EynNqzlOeePNk Message-ID: Subject: Re: [gentoo-project] Council meeting 2015-01-13: call for agenda items From: Rich Freeman To: gentoo-project@lists.gentoo.org, Richard Freeman , Sergey Popov Content-Type: text/plain; charset=UTF-8 X-Archives-Salt: a9e63541-672b-4b88-8db4-05d5651f5cf1 X-Archives-Hash: 2cdbc596489c0e5f59b6db7387ee0fa7 On Wed, Jan 7, 2015 at 11:30 AM, William Hubbs wrote: > That's the whole point of a last rites, to get people to step up and > take responsibility for packages. Also, this was cleared with the qa > lead before it was ever sent out. Define "take responsibility for packages." As far as I'm aware there is no policy that requires maintainers to fix any upstream bug, and security issues are almost always upstream bugs. A package with a security bug for 10 years could be perfectly well-maintained, with regular updates/etc as often as upstream publishes them. Some software projects are fairly mature and don't get a lot of upstream updates, so a package might be untouched for 5 years and have security issues and still be "well-maintained." I think the solution to this is to have the community agree on just what "well-maintained" actually means and documenting this as policy, versus just making individual judgment calls. To be sure there will still be grey areas, but I think that right now the policies are too vague to try to enforce something like this. > > So I am operating clearly within the scope of qa, since the job of QA is > to keep the tree in a consistent state for our users. > > So with all respect, I don't understand why this even needs to be > escalated to the council. There are many who would probably say that the tree is already in a consistent state for our users. I realize that you feel otherwise, and perhaps others in QA also feel otherwise. Maybe the vast majority of the community would agree with you, but the whole reason for this discussion and putting this on the Council agenda is so that we can can get a sense for what the community wants and then consistently follow that as policy. It makes far more sense to deal with general policy issues like this before we start treecleaning than to just leave it up to QA, have users switching to overlays, and then have it appealed to the council and potentially have everything re-introduced to the main tree. -- Rich