On Fri, 2006-12-01 at 07:22 -0600, Andrew Gaffney wrote: > Steve Long wrote: > >>> There'll always be GLSA's to respond to. That's another issue that > >>> needs to be handled w/ a slow-moving tree. Are you going to restrict > >>> changes in the slow-moving tree only to changes against a GLSA? > >> That's what we've said. > >> > > I don't have a problem with this at all. The slow-moving tree isn't; it's a > > release tree. The only question I have, which Stuart also mentioned, is > > whether all security updates go thru the GLSA process. > > Are you asking if all security updates that are done to the release will have > gone through the GLSA process? I'd say the answer is yes, since the only > updates > that will go in the release tree are security updates from GLSAs :P
Actually, we would have to review the process, since not everything that gets a security bug ends up with a GLSA. My current loose rule is that if it deserves a GLSA, then it deserves and update, but I don't know the exact criteria the security team uses to decide if something warrants a GLSA or not. -- Chris Gianelloni Release Engineering Strategic Lead Alpha/AMD64/x86 Architecture Teams Games Developer/Council Member/Foundation Trustee Gentoo Foundation
signature.asc
Description: This is a digitally signed message part
