security related bug report - no maintainer reaction for 1 year
I am working in the development projekt for the speak-freely package.
One Year and a day ago, i filed this bug report, saying that
o There are security related bugs in the very outdated debian package
o These bugs are fixed by new upstream sources
o I integrated the sources in the new package and added a link in the
o Roman Hodek tried to upload the new package as a NMU which
possibly got lost by the server problems or got cancelled
by the maintainer.
I forgot to say that I sent mail to Martin Mitchell before
with no reaction at all. It seems to be a case of undeclared
and de facto retiring of a maintainer.
Needless to say, that i am quite frustrated, but I am still wanting to
see our ACTUAL package inside debian.
Is it the policy of debian, that a non-active maintainer has the right
to block a package as long as he likes ? I think it can not.
I think this should be reason enough to make a second try of a
NMU possible and to orphan the package.
Debian Bug report logs: package speak-freely
Maintainer for speak-freely is Martin Mitchell <firstname.lastname@example.org>.
Important bugs - outstanding (1 bug)
* #202244: speak-freely: New Version 7.6a fixes buffer overflows
* and tmp races
Package: speak-freely; Severity: important; Reported by:
Johannes Poehlmann <email@example.com>; Tags: patch,
security; 1 year and 1 day old.