[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Re: Reporting 1.2K crashes

2013/6/28 Charles Plessy <plessy@debian.org>:
> Le Thu, Jun 27, 2013 at 10:28:15AM -0400, Alexandre Rebert a écrit :
>>
>> > I wished the respective report would have been sent to the upstream developers,
>> > not to Debian. We could have been a second resort when upstream does not
>> > react to the reports (not unlikely, admittedly). Now, the Debian maintainer
>> > sees the findings two weeks before the bug is made public. I do not feel this
>> > to be right.
>>
>> I agree with you that it would have been best to contact upstream
>> developers instead of package maintainers. I couldn't find a tool
>> listing upstream developers for a given package however, and that's
>> why we contacted package maintainers instead.
>
> Hi,
>
> while the coverage is still tiny, there is an effort to collect contact
> addresses listed in the debian/upstream file in the VCS where our source
> packages are maintained.
>
>     http://upstream-metadata.debian.net/table/contact
>
> In some cases, it is a valid email address.  Perhaps you can give it a priority
> ?

Dep12 [1] doesn't have a Security-Contact field. Should we add one?
(and maybe a Security-Submit?)

[1]: https://wiki.debian.org/UpstreamMetadata

Regards
--
Mathieu
Reply to: