On Tuesday 19 June 2007 06:40, Luis Francisco Araujo wrote: > I use to ask for stabilization of the new version of a package > immediately if it is supposed to fix an *important* security problem in > the package, so that way we spread as soon as possible the new fix to > our users. > > Not sure if this is documented somewhere as an exception to the 30 days > rule, but i have not had problems so far and the stabilization teams > have been willing to help me in such a cases.
We (the security team) ask for stabilization sooner than 30 days according to our policy¹. AFAIR it has only resulted in a few glitches now and then. When they happen they should be assigned to us to fix any regression. ¹ http://www.gentoo.org/security/en/vulnerability-policy.xml -- Sune Kloppenborg Jeppesen Gentoo Linux Security Team -- [EMAIL PROTECTED] mailing list
