Re: How to manage security issues when the maintainer is not the developer

To: debian-devel@lists.debian.org
Subject: Re: How to manage security issues when the maintainer is not the developer
From: Lars Wirzenius <liw@liw.fi>
Date: Wed, 16 Apr 2008 15:05:44 +0300
Message-id: <[🔎] 1208347545.14230.136.camel@dorfl.globalsuite.net>
In-reply-to: <[🔎] fe088fa40804160455i67611674x7e4d78707f0ec75b@mail.gmail.com>
References: <[🔎] fe088fa40804160455i67611674x7e4d78707f0ec75b@mail.gmail.com>

On ke, 2008-04-16 at 13:55 +0200, Andrea De Iacovo wrote:
> How do you think a maintainer should manage security issues when he is
> not the package developer? Should he/she either work alone to make
> patches or wait for the upstream patches/relases that solve the bug?

If the package maintainer in Debian can do something to make a security
problem be fixed faster, they should do that. If they can provide the
patch themselves, good. If they can't do that, perhaps they can help or
encourage or recruit someone else to do that, also good. If nobody can
do anything, bad.

The point is to get the problem fixed, not to worry about whose
responsibility it is or who gets the credit or what makes someone look
bad.

Reply to:

References:
- How to manage security issues when the maintainer is not the developer
  - From: "Andrea De Iacovo" <andrea.de.iacovo@gmail.com>

Prev by Date: Should SONAME bumps always go through NEW
Next by Date: GnuPG: Maintainer inactive?
Previous by thread: Re: How to manage security issues when the maintainer is not the developer
Next by thread: GnuPG: Maintainer inactive?
Index(es):
- Date
- Thread