On Thu, Nov 13, 2008 at 1:38 PM, Randal L. Schwartz <[EMAIL PROTECTED]> wrote: > Who handles the errata page, assigning the sequential numbers and deciding > whether it's a security fix or not? Surely, it would be easier to teach that > small set of people (one?) to cc the mailing list on a security announcement, > rather than expect that everyone with a core commit bit be reminded to watch > errata to notice when their particular contribution has been accepted as a > security patch. What am I missing here?
There's no real good reason why it can't be the same person, but maintaining stable already sucks enough without having more work. I won't ask that. And I strongly believe that the person making a security fix needs to take responsibility for seeing it through to the end. If they can't handle that, I don't think they should be making security fixes. Of course, everything I've said so far is more my opinion than project rules. By now, it should be pretty clear that the rules are not clear.
