On 7/6/16 4:25 AM, Kristian Fiskerstrand wrote:
>
> That said, the reason the mask is questionable in this case is the low
> severity of the bug, but that isn't a general case.

Bug #582240 - sys-devel/gcc: multiple vulnerabilities

If the security team proceeded with gcc as it did with monkeyd, it would be masking it now. It doesn't have to be a general case. Looking through the security bugs there's so much link, it's hard to tell what's good and what's not.

>
> If council approval of special projects as lead is an important factor,
> maybe we should rather also approve security leads?
>

Approving a security lead is not sufficient. QA is governed by GLEP 48. The very procedure of producing a GLEP means scrutiny by the community as to its scope, mandate, procedure and powers. By the security team simply thinking it has the powers to p.mask and bump packages, it is essentially circumventing Gentoo governance. If it needs these powers, it should go through QA.

--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail : bluen...@gentoo.org
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA
GnuPG ID : F52D4BBA