Quoting Charles Plessy (2013-06-28 00:07:55) > Le Thu, Jun 27, 2013 at 10:28:15AM -0400, Alexandre Rebert a écrit : > > > > > I wished the respective report would have been sent to the > > > upstream developers, not to Debian. We could have been a second > > > resort when upstream does not react to the reports (not unlikely, > > > admittedly). Now, the Debian maintainer sees the findings two > > > weeks before the bug is made public. I do not feel this to be > > > right. > > > > I agree with you that it would have been best to contact upstream > > developers instead of package maintainers. I couldn't find a tool > > listing upstream developers for a given package however, and that's > > why we contacted package maintainers instead. > > Hi, > > while the coverage is still tiny, there is an effort to collect > contact addresses listed in the debian/upstream file in the VCS where > our source packages are maintained. > > http://upstream-metadata.debian.net/table/contact > > In some cases, it is a valid email address. Perhaps you can give it a > priority ?
Perhaps it makes sense for that project to fetch data from DEP5 when used (and treat it as a bug against the package if not up-to-date!)? - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature
