* Guido Günther: > Hi Moritz, > On Sun, Mar 09, 2008 at 11:05:11PM +0100, Moritz Muehlenhoff wrote:
>> The Security Team is now using Request Tracker to coordinate work >> and our RT processes have already been refined a lot. >> If you're a package maintainer working towards a security update, >> you're now encouraged to open a ticket directly. You will be kept in >> CC during the life time of the ticket. If you're opening a ticket for >> a security problem, which is not yet publicly known, e.g. if you've >> discovered it by yourself or if you have been contacted by upstream, >> please open a ticket in the "Security - Private" queue. These >> issues will only be visible by the Security Team. > Should the RT also be used for breackage caused by a security update? Sure, but keep in mind that RT is intended for coordinating the actual upload, and not primarily for reporting the bug itself. > Is the security team interested in this kind of information our should > this be handled by the maintainer? Maintainer involvement is always desirable because it's better if someone familiar with the software prepares the upload. With complex packages, maintainer involvement is a must. It's not clear from the bug reports what's causing this regression, so there's little what we (the security team) can do what other interested parties can't do better and more quickly.
