Hi Markus and others Thank you. I have now updated the wiki to describe this. Let me know (or adjust the wiki) if you think we should handle this in some other way.
Best regards // Ola PS. If you wonder why I waited with sending this email, I was busy triaging last week. :-) DS. On 8 June 2017 at 23:29, Markus Koschany <a...@debian.org> wrote: > Am 08.06.2017 um 23:14 schrieb Ola Lundqvist: > > Hi LTS team > > > > Today I got a reply from the tor maintainer that he felt pushed. He > > wanted me to hold back more than a few minutes before pinging him. > > I'm guessing this because the security team informed him shortly before. > > I do not know that for sure yet as I just sent that email. > > > > My question to you is if we should change the instructions at > > https://wiki.debian.org/LTS/Development ? > > The instructions do not give any guidance on this. > [...] > > I think we overdo it sometimes with those contact emails. If I recall > correctly then it was Peter himself who asked the security team in > #debian-security to assign the CVE for tor. So he was fully aware of the > fact that there was a security issue. > > The wiki really contains only guidelines. Don't follow every sentence by > the book. I suggest to look at the changelog history of a package before > you send a contact email. If members of the LTS team have worked on it > several times before, then there is no need to ping the maintainer > again. We have handled it in the past, so we will handle it again. We > should also make sure that there is a proper bug report before we send > an email because otherwise the maintainer might feel taken by surprise. > > Markus > > > -- --- Inguza Technology AB --- MSc in Information Technology ---- / o...@inguza.com Folkebogatan 26 \ | o...@debian.org 654 68 KARLSTAD | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---------------------------------------------------------------
