Re: How to manage security issues when the maintainer is not the developer
On Wed, Apr 16, 2008 at 01:55:51PM +0200, Andrea De Iacovo wrote:
> How do you think a maintainer should manage security issues when he is
> not the package developer? Should he/she either work alone to make
> patches or wait for the upstream patches/relases that solve the bug?
As ever, the best thing tends to be to work with upstream. If the issue
is an upstream one then upstream really needs to be involved in getting
the fix released.
"You grabbed my hand and we fell into it, like a daydream - or a fever."