Overview
Request 1101188 revoked
follow-up based on comment in SR#1101063
- Created by AndreasStieger
- In state revoked
Loading...
Request History
AndreasStieger created request
follow-up based on comment in SR#1101063
krop declined request
This information is not useful for anything
AndreasStieger reopened request
Security team wants this
krop declined request
Stop that
darix reopened request
the policy is very clear about what is expected here. yes we know that chromium includes a lot of intree libraries, but that doesnt mean it is excempted from the policy
AndreasStieger revoked request
Declined twice by maintainer. Security team and review team should talk to maintainer if they wish, or accept without this. This will block Chromium 116 around 2023-08-22.
I'm not interested in this change.
This bundle information is useless for packagers and wrong for every imaginary cases. This is not re2 = 2020-10-01
JFYI the policy is created to ensure that e.g. the security team can find all the copies of a library to check if we also need to fix said copies.
and it's utterly stupid in this case: https://github.com/google/re2/security
just because google doesnt use the GH included security handling does not mean that there is not a proper security handling for the re2 library.
If you prefer https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=re2, why not.