On ke, 2008-04-16 at 13:55 +0200, Andrea De Iacovo wrote: > How do you think a maintainer should manage security issues when he is > not the package developer? Should he/she either work alone to make > patches or wait for the upstream patches/relases that solve the bug?
If the package maintainer in Debian can do something to make a security problem be fixed faster, they should do that. If they can provide the patch themselves, good. If they can't do that, perhaps they can help or encourage or recruit someone else to do that, also good. If nobody can do anything, bad. The point is to get the problem fixed, not to worry about whose responsibility it is or who gets the credit or what makes someone look bad. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
