Re: How to manage security issues when the maintainer is not the developer

To: debian-devel@lists.debian.org
Subject: Re: How to manage security issues when the maintainer is not the developer
From: Mark Brown <broonie@sirena.org.uk>
Date: Wed, 16 Apr 2008 13:01:06 +0100
Message-id: <[🔎] 20080416120100.GA2498@sirena.org.uk>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] fe088fa40804160455i67611674x7e4d78707f0ec75b@mail.gmail.com>
References: <[🔎] fe088fa40804160455i67611674x7e4d78707f0ec75b@mail.gmail.com>

On Wed, Apr 16, 2008 at 01:55:51PM +0200, Andrea De Iacovo wrote:

> How do you think a maintainer should manage security issues when he is
> not the package developer? Should he/she either work alone to make
> patches or wait for the upstream patches/relases that solve the bug?

As ever, the best thing tends to be to work with upstream.  If the issue
is an upstream one then upstream really needs to be involved in getting
the fix released.

-- 
"You grabbed my hand and we fell into it, like a daydream - or a fever."

Reply to:

References:
- How to manage security issues when the maintainer is not the developer
  - From: "Andrea De Iacovo" <andrea.de.iacovo@gmail.com>

Prev by Date: How to manage security issues when the maintainer is not the developer
Next by Date: Re: How to manage security issues when the maintainer is not the developer
Previous by thread: How to manage security issues when the maintainer is not the developer
Next by thread: Re: How to manage security issues when the maintainer is not the developer
Index(es):
- Date
- Thread