On Tue, May 9, 2017 at 12:23 AM, Yury German <bluekni...@gentoo.org> wrote: > > we can not call for cleanup or release the GLSA, > waiting for a stabilization of a non-core package, while the actual > package has been in a tree in ~arch status for weeks or months.
Why not? If an arch is considered a non-security-supported arch then you would just ignore it in a security bug. -- Rich
