> BTW, the mails you have been sending with links to the crashes have > been going to publicly archived lists, not sure if you meant for that > to happen though? >
I don't think the Mayhem team is at all to blame for that: we seemingly simply don't have the necessary information in place. For mass bug filings with potential security implications, we'd need some Maintainer-private field in our control files. I think it is simply impractical to go and ask for those people doing the MBF to take a look at each package to figure out *manually* which address to use for private contact. In a similar vein, also machine-readable information about upstream contact points would be useful for MBFs that relate to upstream issues (such as this one). Best, Michael
pgpQ9gqk7tKJj.pgp
Description: PGP signature
