> On Nov 16, 2016, at 12:09, Daniel J. Luke <[email protected]> wrote: > > On Nov 16, 2016, at 10:16 AM, Mojca Miklavec <[email protected]> wrote: >> The only thing that could be done would be a slight delay between >> master and "stable". For example everything that's in master would go >> to "quasi-stable" after a week unless some problems are discovered >> (and then the port would be held back). But this requires extra >> manpower again. Something we lack already. > > I think it would be nicer to just be able to have ports tagged with some > metadata (passes lint, buildbot was able to process, installed by n # of > users who have agreed to send stats back to the project, etc.) > > End users could use the metadata to make the kinds of decisions one might > make for 'stable' vs. 'unstable' stuff elsewhere. > > -- > Daniel J. Luke
For some manually added metadata, where the upstream purports to fix a CVE, the CVE number it fixes might be of interest to some, especially if the presence of that field could be used to select upgrades.
