On Thu, 14 Sep 2017 08:28:23 +0100 Sergei Trofimovich <sly...@gentoo.org> wrote:
> On Wed, 13 Sep 2017 22:44:23 -0400 > Yury German <bluekni...@gentoo.org> wrote: > > Thank you! That's very helpful. A few clarifying questions below > to be absolutely clear. > > > OK so let me repeat the comments that were made on @dev (and expand a bit > > further) and close the issue. > > > > 1. Maintainers are free to cc the non-stable and experimental arches as > > part of their call for stabilization. It is up to the maintainer of the > > package to decide. > > > > 2. This is providing that there is no problems caused by stableboy or extra > > dependencies raised > > Note: as a follow up change was made: 07:47 <@kensington> leio: b-man: good > > point, dropped sparc from stable_arches > > > > 3. Clean up is required as part of the security bug process, and if an arch > > is holding it up (example hppa before Slyfox took it over) an issue would > > have to be raised with the QA team for action. [1] > > 'Cleanup' is only vulnerabe ebuild removal, not CC removal from the bug, > right? > > > 4. Bugs will be closed without waiting for any non-security supported > > arches, once the security process is complete. > > CC for exp lagging arches are not removed from the bug, right? > > > 5. Security bugs are not re-assigned since they are assigned as a > > vulnerability in bugzilla. If you need to continue work on the bug, please > > feel free to open another bug for the particular arch for stabilization, > > fix, etc. > > > > If you have any questions please let me know. > > > > > > [1] - > > https://wiki.gentoo.org/wiki/Project:Security/GLSA_Coordinator_Guide#Bugs_in_.5Bcleanup.5D_status > > Ping. -- Sergei
pgpS9_exdyk7d.pgp
Description: Цифровая подпись OpenPGP