On 2012-09-13 03:59, Pacho Ramos wrote:
Hello

Currently, package maintainers are CCed to security bugs when they are
needed. The problem is that, once maintainers add a fixed version and
tell the security team they are ok to get it stabilized, maintainers are
kept CCed until the bug is closed by the security team. This usually means
getting a lot of mail after some time when the security team discusses if a
GLSA should be filed or not, if the security bot adds some comment... some
of those comments are applied to really old bugs that need no action from
maintainers.

Maybe it would be interesting to change the policy to unCC maintainers
again when their action is no longer required.

What do you think?

Thanks for your thoughts


Hello,

Is the policy you describe officially documented, or just current behaviour?

In KDE and Qt herds for example, we usually just unCC ourselves when we've taken the required action.

Best regards,
Michael

