On Tue, Mar 14, 2017 at 7:55 PM, Yury German <[email protected]> wrote: > > > The maintainer also knows the package, dependencies, other bugs filed, etc. > Removing things for your > packages might be simple, but it is not the same across all packages and that > is the reason we ask the > Maintainers to take an active step in cleaning up.
I agree. The security team should be empowered to do the cleanup, but I think their first priority should be to administering the overall process. Anything maintainers can do to move it along is probably going to make the process more efficient. The reality is that most of the "work" in terms of commits/etc in security work is really done by maintainers and arch teams. The main role of the security team is to ensure that it is all happening, so they're going to spend a lot of time herding along everybody else. They can always chip in with other things but if they don't do the administrative overhead nobody else will. -- Rich
