author Sam James <sam@gentoo.org> 2024-02-19 06:09:25 +0000
committer Sam James <sam@gentoo.org> 2024-02-19 06:14:56 +0000
commit 41637b377e3a1966f7b6b37c06c41e71449720d9
tree 8fe96bf909e697a2e9703fc24ab071410b03de24
parent Update riscv download page - multilib is back
support/security: update vulnerability treatment policy wrt "supported architectures"

* Rework the stale list of "supported" architectures, as it didn't reflect reality. (+arm64, +ppc64, -ppc, -x86).
* Mention discretion wrt how long we may wait before publishing a GLSA for non-amd64.
* Make clear that the status is purely about waiting for publication, nothing else.
* Rename "supported" -> "primary" and "unsupported" -> "secondary".

Signed-off-by: Sam James <sam@gentoo.org>

-rw-r--r-- support/security/vulnerability-treatment-policy.html 16
1 files changed, 9 insertions, 7 deletions
diff --git a/support/security/vulnerability-treatment-policy.html b/support/security/vulnerability-treatment-policy.html
index a7316c2..5676ee7 100644
--- a/support/security/vulnerability-treatment-policy.html
+++ b/support/security/vulnerability-treatment-policy.html
@@ -21,23 +21,25 @@ body_class: nav-align-h2
</p>
<p>
- For this reason, the security team separates Gentoo architectures into two groups, <strong>supported</strong> and <strong>unsupported:</strong>
+ For this reason, the security team separates Gentoo architectures into two groups, <strong>primary</strong> and <strong>secondary:</strong>
</p>
<dl>
- <dt>Supported</dt>
+ <dt>Primary</dt>
<dd>these architectures must have a stable fix committed before the GLSA can be released</dd>
- <dt>Unsupported</dt>
- <dd>these architectures will be notified of new vulnerabilities (cc on relevant bugs), however, we will not wait for a stable fix on these arches before issuing the GLSA and closing the bug</dd>
+ <dt>Secondary</dt>
+ <dd>these architectures will be notified of new vulnerabilities (cc on relevant bugs), however, we may not wait for a stable fix on these arches before issuing the GLSA</dd>
</dl>
<p>
- Here is the list of currently supported architectures: <strong>amd64, ppc, ppc64, x86.</strong>
+ Here is the list of primary architectures for the purposes of a GLSA: <strong>amd64, arm64, ppc64</strong>. However,
+ discretion may be applied depending on the package, the severity of the issue, and its popularity as to whether GLSA
+ publication should be blocked on non-<strong>amd64</strong>.
</p>
<p>
- All architectures are welcome and encouraged to become a supported architecture.
- There are two straightforward criteria that need to be met in order to be officially supported by the Gentoo Security project:
+ Secondary architectures may become a primary architecture for the purposes of GLSAs.
+ There are two straightforward criteria that need to be met:
</p>
<ul>
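Review bot: In the new Secondary <dd>, "we may not wait for a stable fix" is ambiguous: it can be read as "we are not permitted to wait" rather than the discretionary "we might not wait" that the commit message describes. Since the old text said "will not wait", the whole change in meaning rests on that one word; "we are not required to wait" or "we might not wait" would be unambiguous. The same <dd> also drops "and closing the bug" without saying what now happens to the bug once a GLSA has gone out ahead of a secondary arch, which deserves a clause here or a line in the commit message. In the new primary-architectures paragraph, "its popularity" follows "the severity of the issue" but presumably refers to the package, and the sentence does not say who applies the discretion; reordering to "the package and its popularity, and the severity of the issue" would fix the first point.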