Re: How to manage security issues when the maintainer is not the developer
On ke, 2008-04-16 at 13:55 +0200, Andrea De Iacovo wrote:
> How do you think a maintainer should manage security issues when he is
> not the package developer? Should he/she either work alone to make
> patches or wait for the upstream patches/relases that solve the bug?
If the package maintainer in Debian can do something to make a security
problem be fixed faster, they should do that. If they can provide the
patch themselves, good. If they can't do that, perhaps they can help or
encourage or recruit someone else to do that, also good. If nobody can
do anything, bad.
The point is to get the problem fixed, not to worry about whose
responsibility it is or who gets the credit or what makes someone look