On 03/12/2017 07:11 PM, Roy Bamford wrote:
>
> Why do Security Project members need to be ebuild devs?
> Non-ebuild developers can contribute by producing GLSAs,
> for example.

Where is that requirement stated?

>
> Who manages the Security Project (from outside)? It appears from
> the draft GLEP, nobody. That means that the project could become
> moribund and nobody would notice. It's not like Gentoo enforces
> or even checks for leadership elections. That's an annual event
> anyway, so it's not a measure of a project's continued well-being.
>

Imposing too much bureaucracy and reporting might not be worthwhile; the security project's work is relatively easy to monitor in bugzilla activity and GLSA publication to begin with, less so for auditing, but that has always been specific to available resources.

>
> This isn't really a Security Project issue. If it's ever needed, the
> Security Project isn't active. It affects other projects too, like
> comrel, QA and others. Perhaps there is a common solution
> to taking a project's pulse and reacting when there is none.
>

Talking with the lead of respective projects should be a good start without need for specific procedures. One could imagine participation from various special projects in council meetings or just email exchanges, but it'd likely just end up with a bunch of "nothing new from the western front" that can more easily just be updated informally anyways if anyone is concerned.

--
Kristian Fiskerstrand
OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3