On 07/17/2010 07:02 PM, Petteri Räty wrote: >> Do stabilisations on the security bug so arch team members can skim >> through their stabilisation list by just looking for secur...@g.o to >> find the vulnerable packages. >> >> V-Li >> > > If you want things to happen this way then it should be at least > documented in the devmanual.
It's in the security project's policy: "once an ebuild is committed, evaluate what keywords are needed for the fix ebuild and get arch-specific teams to test and mark the ebuild stable on their architectures (arch-teams should be cc'd on the bug, as well as releng during release preparation) and set status whiteboard to stable" http://www.gentoo.org/security/en/vulnerability-policy.xml, Chapter 4 As the CC'ing should be done by the security folks/the maintainer when a new ebuild is ready, I don't think it needs to be in devmanual. The relevant people should be aware of the process.
signature.asc
Description: OpenPGP digital signature
