1. Forum
  2. Usenet
  3. LINUX.GENTOO.DEV

  • [gentoo-dev] Stabilization Detached from Security Bugs

    From John Helmert III@21:1/5 to All on Fri Aug 27 02:20:01 2021
    Hi all,

    In the past, stabilization for security bugs would be handled directly
    in that security bug. After some discussion on the gentoo-dev mailing
    list [1], there was some consensus on modifying this workflow to
    separate stabilization from security bugs. Going forward, separate bugs
    should be filed for security stabilizations and then the security bug
    will have a dependency on its stabilization bug.

    Thanks!

    [1] https://archives.gentoo.org/gentoo-dev/message/72d1747bb087c0317e492177c9653cc3

    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCAAdFiEElFuPenBj6NvNLoABXP0dAeB+IzgFAmEoLakACgkQXP0dAeB+ Izh4pBAAl8lhjwe0l6dj+H4j/NWvgyPvk9kZYZsoEICtNEKXcZgSdE086vW0i1gk vFIMZIlCGZhl02TcxbFw5TsV2IuXSdaPdeHvhP/xRrN54CNukVBtjzFyemK2Uvz+ v2J6Qn6IArKGOkWAoH1e5Mo3Llrm9g4r4jIKXpY5kCnGMB6KYLIeb7hO4QI3BU/v 0fE0qcm24PC90GIk3xjbsPK2ffhHydiECpcSeHX1Cc6xBZv7DDJqWVtdKW/KAjJJ mm9oXmQB0QusRnk4AVTT4mwjxhwuMhtv1k3O3KZUWWGzIpirIVN/uHEO2J6JCcuZ lRtkHYTAdGU2M6Acpkq2kxTXvF5coe0lFy+USU4HC1Ja6e4AGdaJO3Yvgaf5b8wR 6VwoDRUfkoa0V1AQqy6e0ccoZTq/lfuLXoU3oCAl2ikVeJltFwoyNYc50S0tmAPC RSB8PPPWNfgrqetGR3aWkCuPdNSjURcKO/JDACArlRV3pCunFO0SXMhcgyB15XZz Gc+366h5mloDa4YuxiVIc6jNOVNWxvWSaSHKMfxg2iH4FpjpH9gSIYGHAORW9L6N KXjmWC+kE2fRzZ7s8JCOIgGBpyGkLtuJWhu4XKAhA3sFmIjZdLsqXEFnFsUo7yva R+6dj2dKUVCj4HZx0T4OHn7jATySkmWoRGORbPCyoImlg8T9gwU=
    =S6EF
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Matt Turner@21:1/5 to All on Fri Aug 27 03:50:01 2021
    \o/

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From =?UTF-8?Q?Micha=C5=82_G=C3=B3rny?=@21:1/5 to John Helmert III on Fri Aug 27 09:00:01 2021
    On Thu, 2021-08-26 at 19:11 -0500, John Helmert III wrote:
    In the past, stabilization for security bugs would be handled directly
    in that security bug. After some discussion on the gentoo-dev mailing
    list [1], there was some consensus on modifying this workflow to
    separate stabilization from security bugs. Going forward, separate bugs should be filed for security stabilizations and then the security bug
    will have a dependency on its stabilization bug.

    Great! I can make the field invisible on security bugs when you've
    confirmed that all pending stabilizations are finished. Or without
    that, if you prefer ;-).

    --
    Best regards,
    Michał Górny

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From John Helmert III@21:1/5 to All on Fri Aug 27 16:20:01 2021
    On Fri, Aug 27, 2021 at 08:58:35AM +0200, Michał Górny wrote:
    On Thu, 2021-08-26 at 19:11 -0500, John Helmert III wrote:
    In the past, stabilization for security bugs would be handled directly
    in that security bug. After some discussion on the gentoo-dev mailing
    list [1], there was some consensus on modifying this workflow to
    separate stabilization from security bugs. Going forward, separate bugs should be filed for security stabilizations and then the security bug
    will have a dependency on its stabilization bug.

    Great! I can make the field invisible on security bugs when you've
    confirmed that all pending stabilizations are finished. Or without
    that, if you prefer ;-).

    Sure! But let's at least wait until we're done with the pending security
    bugs which have CC-ARCHES [1], just to keep churn (and work for us)
    a bit lower.

    [1] https://bugs.gentoo.org/buglist.cgi?email1=security%40gentoo.org&emailassigned_to1=1&emailtype1=substring&f1=keywords&list_id=5758333&o1=substring&query_format=advanced&resolution=---&v1=CC-ARCHES

    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCAAdFiEElFuPenBj6NvNLoABXP0dAeB+IzgFAmEo8twACgkQXP0dAeB+ IziIehAAqFM8/CDW41WXtwHQG4b++taHmM1vTTJcugv5iZMaPMl/pibOKVuRiI4o 60D/QWSrQzjQZRzZEH4gqZJ0RN1eaqy8t7DILIKVQ0pxV6yfemirbD8/7HhtHs3o PXu0ly/0jg1VTUQ8gNwsO46AAHzyvQ7sCRBJHOwFkUmQ8pgS5C81FheV9jIMEbVK OAAKXdtk0EPZJN2WJSmin3z8IS8UTYnBQQOJhkte+Ses2crs/WX9s29PL/ubDwYY dW5zypNCOnpGHeSvoUr4QoxubzxqCpz+gdctaQCV9D8lCyv6NHl+WfthD0v1EvT1 1Lq8EvawsLKpDCr9+1RyXvwwFzmM+ANlsMG5B/RuhzPmd8qj8SLcI36l3U5IXiIL 5xQm/cgsQeNitkqc1IHCIaXPdSO6MXBSj/tWUT5Ww6CXO4FRaMWrYnm4B1vloLNV eRxQ6Q+eIu+0UORq3mQEPhU+HOMVqY/xpgj+nN3MKdUAQ48agPjYCOIeWx9l7Q6r tusii9doPI3T6JoI08V80WIxVVezZpVIqTW7OMvpykLMWVzqk+VUha7iEgR6JoA5 ONsV4xelaMpm2OHZBNnUF2uBtJDgrsw5IG0hcMEXipc45FFXuRcSGofR5BuCIAGX GTJ39djhbI2shNEsZCXecUI5lSlKaWWU9bnzyfTef0zd7JJCLrI=
    =yTQX
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)