> On 12 Aug 2021, at 16:17, Agostino Sarubbo <[email protected]> wrote:
>
> On Thursday, 12 August 2021 14:53:33 CEST Michał Górny wrote:
>> To resolve these problems going forward and establish consistent
>> behavior in the future, I'd like to propose to disable 'package list'
>> fields on security bugs and instead expect regular stabilization bugs to
>> be used (and made block the security bugs) for stabilizations. While I
>> understand that filing additional bugs might be cumbersome for some
>> people, I don't think it's such a herculean effort to outweigh
>> the problems solved.
>
> I think it is a good idea but the stabilization bug that blocks the security
> bug should at least have something (bugzilla KEYWORD?) to facilitate the
> search of the security stabilization.
> Atm we look for bugs with assignee = security@ and cc = arch@
>

This is my primary concern and as long as we use e.g. the SECURITY keyword, I'm happy.

From #gentoo-dev:
[22:34:36] <@sam_> ago: I was wondering if I could just detect by blockers but I think SECURITY blocker is simpler and requires less code/handling overall, so WFM
[22:35:25] <@ago> yeah

I'm a _little_ bit unsure about the extra work of filing new bugs, but I suspect it's going to be worth it because of less special casing for everybody involved (and not having to explain why security bugs are different to newbies, proxied-maints, ...).

best,
sam
