Ciaran McCreesh wrote:
On Sat, 05 Jan 2008 20:32:09 -0600
Martin Jackson <[EMAIL PROTECTED]> wrote:
Perhaps you should have explicitly stated in the bug that it was for
security reasons and thus a priority. Make things easy for the arch
teams -- if you have useful information like that, provide it in an
easy to see place. Looking at that bug, I don't see anything
indicating that there's any reason it should have been considered
over more widely used packages.
Because setuptools is not widely used?
The sec bug was (and remains) linked as a blocker. Is that not
explicit or easy enough?
When arch people get dozens to hundreds of bug emails per day, no, it's
not. A simple "this is now a security issue, see bug blah" makes it an
awful lot easier for arch people to prioritise -- emails that merely
show blockers added or removed tend to get ignored because a) they're
almost always meaningless changes from the arch team's perspective, and
b) the bug email doesn't convey any useful information on its own
anyway.
To be clear, the security issue didn't arise until November 7, 2007.
The request to keyword setuptools was *not* a security issue until then.
Thanks,
Marty
--
[EMAIL PROTECTED] mailing list
