commit: db8e3d5f27b9916dd9aadc2c8aae46cdbfb04df4
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Jan 25 02:26:16 2026 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Jan 25 02:26:16 2026 +0000
URL: https://gitweb.gentoo.org/proj/devmanual.git/commit/?id=db8e3d5f
general-concepts/security: refrain from bundling in other changes Sometimes we see people tempted to make other changes 'while at it' to the ebuild or package but this isn't appropriate for a new version or ebuild revision fixing security issues. Such other changes or improvements should be done separately, in part so as not to jeopardise stabilisation, but also not to muddy the waters with any possible regressions. Signed-off-by: Sam James <sam <AT> gentoo.org> general-concepts/security/text.xml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/general-concepts/security/text.xml b/general-concepts/security/text.xml index 36a4e85..ff84cbf 100644 --- a/general-concepts/security/text.xml +++ b/general-concepts/security/text.xml @@ -54,6 +54,13 @@ how long is needed to wait for stabilisation or file the stabilisation bug themselves, making it block the security bug. </p> +<p> +When committing a new ebuild to resolve a security issue, please refrain +from making unnecessary changes to the ebuild or functionality: instead +add a new ebuild revision later with unrelated changes if a new, +non-security release is not anticipated any time soon. +</p> + <p> For critical bugs, stabilisation is usually requested within 24 hours. For less serious bugs, consider the default timeline to be 7-14 days.
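Review bot: The added <p> in general-concepts/security/text.xml states the rule but not the reason for it. The commit message gives the rationale (not jeopardising stabilisation, and not muddying the waters with possible regressions), but none of that reaches the devmanual text, so a reader of the rendered page sees only the instruction. Consider adding one sentence to the paragraph with that reason. Two wording points in the same paragraph: "unnecessary changes to the ebuild or functionality" is looser than the "other changes" in the commit message, and something like "changes unrelated to the security fix" would line up with the "unrelated changes" used later in the sentence; and the clause "if a new, non-security release is not anticipated any time soon" covers only one case, so it would help to say explicitly what to do when such a release is expected (presumably hold the unrelated changes for it).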
