On Thu, 2014-01-30 at 22:03 -0300, brian d foy wrote: > > I'm writing to request co-maintainer status on Email::Address::List > > for ALEXMV and FALCONE. The current maintiner, RUZ, hasn't responded to > > several requests for such over the last week and a half, and a new > > release is necessary to close a denial-of-service vulnerability, > > CVE-2014-1474. > > I think we still should go through our usual process for this, so this > is a bit soon for the authors to respond. > > Has Best Practical responded to pull requests?
I think you may be misunderstanding; I am writing on _behalf_ of Best Practical, who would like to assume maintainership. As I noted in my previous email, we maintain the repository for the module in question, in fact -- which was originally written when Ruslan was a Best Practical employee. As such, I don't see how "Best Practical responding to pull requests" is relevant. How long of a delay is the usual process? As long as version 0.03 remains an unauthorized release, any code using Email::Address::List will be vulnerable to a trivial denial of service attack. - Alex
