2013/6/28 Charles Plessy <ple...@debian.org>: > Le Thu, Jun 27, 2013 at 10:28:15AM -0400, Alexandre Rebert a écrit : >> >> > I wished the respective report would have been sent to the upstream >> > developers, >> > not to Debian. We could have been a second resort when upstream does not >> > react to the reports (not unlikely, admittedly). Now, the Debian maintainer >> > sees the findings two weeks before the bug is made public. I do not feel >> > this >> > to be right. >> >> I agree with you that it would have been best to contact upstream >> developers instead of package maintainers. I couldn't find a tool >> listing upstream developers for a given package however, and that's >> why we contacted package maintainers instead. > > Hi, > > while the coverage is still tiny, there is an effort to collect contact > addresses listed in the debian/upstream file in the VCS where our source > packages are maintained. > > http://upstream-metadata.debian.net/table/contact > > In some cases, it is a valid email address. Perhaps you can give it a > priority > ?
Dep12 [1] doesn't have a Security-Contact field. Should we add one? (and maybe a Security-Submit?) [1]: https://wiki.debian.org/UpstreamMetadata Regards -- Mathieu -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/cafx5sbxoxujyom80o3mj2xom+9t-bbdvp_jevnhlyuoqupn...@mail.gmail.com
