Hi, I apologize if the proposal looked as we bypassed or ignore bodies like TSC. That was not the intention neither make Richard unhappy.
As I said in the proposal, the idea is to be totally optional. I didn't want to change any policy but just have an additional way to collaborate in this area. Even if some people/companies don’t want to share if they start they can still benefit from it and decide what to work on if someone else already signal they have started to looked at it. And from the comments, probably it is better to keep it out from the yocto documentation. Sending the proposal in the mailing list, was an attempt to drive it and bring the idea to a broader audience. Best regards, Daniel > -----Original Message----- > From: Richard Purdie <[email protected]> > Sent: Thursday, 5 February 2026 19:03 > To: [email protected]; Daniel Turull > <[email protected]>; openembedded- > [email protected] > Cc: David Partain <[email protected]>; Marta Rybczynska > <[email protected]> > Subject: Re: [security-discussions] [Openembedded-architecture] Proposal for > coordination on work for CVE backports > > On Thu, 2026-02-05 at 11:57 -0500, Philip Balister via lists.openembedded.org > wrote: > > I am going to make the suggestion: > > > > Let's try what Daniel suggests. > > > > Far to often we get bogged down in conversations about what the > > correct thing is to do, and lose track of the fact we need to do > > something and see what works. The list he suggests only has a handful > > of posts and if it doesn't get any traction, I will suggest we remove > > it. Until, lets see of people working in this eco system can use it to > coordinate work. > > > > If we can get people coordinating over email, then we need a larger > > conversation about getting people to work together. > > Your call but I'm not particularly happy about this. This basically says that > when people feel like it they can bypass/ignore bodies like the TSC and there > isn't really going to be any responsibility/fallback/oversight. I would > *love* to > be able to do many things more freely yet I am permanently tied up in so > much red tape I feel like I'm drowning and can't get anything done. > > The security-discussions list has sat for a number of months with a single > post. It seems the idea didn't work out and yet the list is still there and it > causes confusions with other "security" lists. Is something going to be done > about that or are we still hoping it might work out? Is someone going to drive > that? > > Cheers, > > Richard
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#2247): https://lists.openembedded.org/g/openembedded-architecture/message/2247 Mute This Topic: https://lists.openembedded.org/mt/117655357/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-architecture/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
