On Fri, Sep 14, 2012 at 7:15 AM, Alex Legler <a...@gentoo.org> wrote:
> A general note: The request makes one wonder a bit how much you actually
> care about your package if a few emails disturb you. Arches, Security,
> and users reporting issues are trying to help you get the package into a
> good shape.

I suspect that this concern arose in part due to a series of around
two dozen bug comment emails that were sent to the chromium@ alias in
the span of a day relating to security problems for versions as old as
chromium-7.  I doubt anybody anywhere still cares about security
problems with chromium 7 - just about every major chromium release
contains security fixes, so if you aren't on the latest major version
you're guaranteed to be vulnerable.  A good tip is that if you haven't
worked out your CPUs in the last two weeks on a chromium build, you're
out of date.

I suspect this is a bit of a one-off as the security team continues to
catch up from a past hiatus (stabilizations were getting done, but
GLSAs were never issued).  I remember there being a wave of ancient
GLSAs a few months ago, but perhaps the entire queue wasn't flushed
out.  Aliases that pertain to a large number of security-affected
packages were probably disproportionately impacted.

So, if this is a one-off then perhaps we shouldn't use it as the basis
for policy changes.  That said, I think your proposal to allow
maintainers to un-CC themselves after the tree is cleaned up makes
sense.

Rich
