On 2017.03.11 20:50, Kristian Fiskerstrand wrote: > A draft of a Pre-GLEP for the Security project is available for > reading > at https://wiki.gentoo.org/wiki/User:K_f/GLEP:Security > > The GLEP follows a line of GLEPs for special projects that have > tree-wide access in order to ensure proper accountability (c.f GLEP 48 > for QA and still non-produced GLEP for ComRel (I've started working on > this and will be presenting this one later as current ComRel Lead)) > > Comments, patches, threats, etc welcome > > -- > Kristian Fiskerstrand > OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net > fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 > >
Kristian, First of all, thank you. We have needed something like this for several projects, for some time. A few odds and ends. Why do Security Project members need to be ebuild devs? Non ebuild developers can contribute by producing GLSAs, for example. Who manages the Security Project (from outside). It appears from the draft GLEP, nobody. That means that the project could become moribund and nobody would notice. Its not like Gentoo enforces or even checks for leadership elections. That's an anual event anyway, so its not a measure of a projects continued well being. Compare the Security Project to council, that have a monthly showing of project health. Projects tend to be left alone. Gentoo has several projects that appear to be unmanaged but cannot be permitted to die out. This is one. Who takes the Security Projects pulse and how? A periodic automated message to -dev that all Security Project members "reply to list" is both public and mimnimally invasive. Its no more than 'roll call'. Now the hard one, who does what when there is no pulse from the Security Project? This isn't really a Security Project issue. If its ever needed, the Security Project isn't active. It affects other projects too, like comrel, QA and others. Perhaps there is a common solution to taking a proqcts pulse and reacting when there is none. -- Regards, Roy Bamford (Neddyseagoon) a member of elections gentoo-ops forum-mods
pgpQAiSAKWYXf.pgp
Description: PGP signature
