> On 23 Oct 2021, at 14:40, Sam James <s...@gentoo.org> wrote:
>
>> On 23 Oct 2021, at 02:55, Thomas Deutschmann <whi...@gentoo.org> wrote:
>>
>> On 2021-10-21 17:16, Mike Gilbert wrote:
>>> On Thu, Oct 21, 2021 at 4:05 AM Michał Górny <mgo...@gentoo.org> wrote:
>>>> 4. In the end, Security team isn't really respecting this policy.
>>>> In the end, this leads to absurdities like GLSA being released before
>>>> a package is stable on amd64, and confusing the users [4].
>>> This is certainly an absurd mistake, but I think it is unrelated to
>>> the topic of your message. It looks like Whissi jumped the gun on
>>> releasing a GLSA, which could happen regardless of the policy. Am I
>>> missing some context?
>>
>> Yeah, #4 is bullshit.
>>
> Well, it's not bullshit per se, it's just not consistent with the policy.
> We should update the policy to reflect real life.
>
> What I'd probably like us to do is have at least amd64 stable before
> publishing in future (and if there's a reason amd64 can't be, we probably
> can't/shouldn't stable on other arches anyway).

... additionally, even if we're not going to update the policy page (I don't see why we shouldn't), what exactly does this leave "security supported" meaning...? mgorny pointed this out already but there's no real point to having the designation: it makes no difference wrt cleanups and also no real difference to when we publish GLSAs either.

> [...]
> best,
> sam