I like this too. Anything to simplify. Within Legacy we tried ot make
things way too complicated to begin with. Over time we've adopted much
more simple processes and continue to do so. As Legacy adopts more
Extras like infrastructure, it would make sense for Extras and Legacy to
collaborate on security policies. One applies to Core packages in EOL
releases (Legacy) the other applies to Extras packages in general.
This also brings up the question of how do we want to (if at all) have
Legacy and Extras security teams work together. There probably won't be
much overlap, but often the analysis is the most important part of dealing
with security issues.
--
JB