Hello, Splitting from the discussion in [1] (moving more arhitectures to ~arch), I'd like to propose that we remove the "security supported" architecture list from [2] and instead level security support with the general architecture support in Gentoo, e.g. by having all architectures with stable profiles be "security supported".
Rationale: 1. The architecture list seems to date way back and doesn't seem to have been maintained properly. According to CVS history, the last time a new architecture was marked "supported" was in 2005; since then, architectures were only removed. After the migration to new website, the points of contact for architectures aren't even listed anymore. The presence of 'ppc' on the list is doubtful at best. At the same time, 'arm64' is not supported. 2. Keeping a separate list can cause confusion, if not make users of architectures such as arm64 feel belittled. I don't really see why the Security team should be overriding the overall Gentoo architecture support status. 3. Per the policy, Security team "will not wait for a stable fix on these arches before issuing the GLSA and closing the bug". The former I don't have a problem with but how could you close the bug before cleaning up old versions, and how would you clean up the old versions when the new ones aren't stable yet everywhere? 4. In the end, Security team isn't really respecting this policy. In the end, this leads to absurdities like GLSA being released before a package is stable on amd64, and confusing the users [4]. While I agree we could probably establish some criteria when GLSAs should be released, the current policy is incorrect and obsolete. In my opinion removing the list is the first step towards cleaning stuff up. [1] https://archives.gentoo.org/gentoo-dev/message/fd18905401a1aec78aa6af7238f5ca1c [2] https://www.gentoo.org/support/security/vulnerability-treatment-policy.html [3] https://gitweb.gentoo.org/archive/proj/gentoo.git/log/xml/htdocs/proj/en/security/index.xml [4] https://bugs.gentoo.org/789240#c2 -- Best regards, Michał Górny
