>>>>> On Tue, 12 Sep 2017, Matt Turner wrote: > I suggested that when security bugs are complete, that if there are > exp architectures still Cc'd, that security simply reassign to the > maintainer and let the bug continue as a regular stabilization bug.
> Unfortunately Aaron says that this is far too much work -- the hassle > of reassigning a bug and all. Let's look at the security team's own policy on that (thanks to K_F for pointing me to it): https://wiki.gentoo.org/wiki/Project:Security/GLSA_Coordinator_Guide#Bugs_in_.5Bstable.5D_status | All arches (including "unsupported" arches) must be called. But note | that only "supported" arches (as defined in the policy) are needed | before the bug can advance to [glsa] status Note that it says "unsupported arches", not "unsupported arches with a stable profile". In fact, the whole guide doesn't mention profiles at all. The alternative scenario would be only to add supported arches to the security bug. This would mean that the maintainer had to open a second bug for stabilisation on unsupported arches (which includes not only arches with experimental profiles, but also stable ones like arm). Maybe that would take away some hassle from the security team, but it would certainly mean more work for both maintainers and arch teams. Ulrich
pgpOLcjXAYHx2.pgp
Description: PGP signature