On Wed, Sep 12, 2012 at 2:29 PM, Jeroen Roovers <j...@gentoo.org> wrote: > > So you would want to be re-CC'd when it is time to remove the vulnerable > versions, I guess.
Isn't this done shortly after keywording is complete? I think the concern is more about issuing GLSAs/etc, which apparently can happen months or years after the vulnerable versions were removed judging by recent chromium@ mail. > You can un-CC yourself. I don't see why security@ should be doing the > legwork. I see no issue with that. Rich
