On 27 July 2017 at 13:37, Stephen John Smoogen <smooge@gmail.com> wrote:

On 27 July 2017 at 13:11, Michael Catanzaro <mike.catanzaro@gmail.com> wrote:
Ouch.

Since the unresponsive maintainer process takes some time, could a provenpackager please update ImageMagick while we wait for this to go through?

It is a serious oversight that our security process can fail like this for such a major package when the maintainer is not watching Bugzilla. :/

Looks like we have a new volunteer for the Security process. Which is where this comes and goes over years. We have good years with various people helping to keep track of security related tasks and helping with packages. And then they all burn out from being told not to touch packages without permission or similar things and we have bad years. Then someone comes and says "It is a serious oversight" and get put in the position of fixing it.. and we do the dance again

And I hit send too soon.

I am not saying this is a good method and we should probably find a new way that can be staffed and enforced. However we have a lot of other things we should be doing and only so many people with time who can do them. So what is the priority of this over all of the other items that needed to be dealt with... which is a question for consensus over peanut gallery points from me.

--
Stephen J Smoogen.

Stephen J Smoogen.