Re: Re: Reporting 1.2K crashes
2013/6/28 Charles Plessy <firstname.lastname@example.org>:
> Le Thu, Jun 27, 2013 at 10:28:15AM -0400, Alexandre Rebert a écrit :
>> > I wished the respective report would have been sent to the upstream developers,
>> > not to Debian. We could have been a second resort when upstream does not
>> > react to the reports (not unlikely, admittedly). Now, the Debian maintainer
>> > sees the findings two weeks before the bug is made public. I do not feel this
>> > to be right.
>> I agree with you that it would have been best to contact upstream
>> developers instead of package maintainers. I couldn't find a tool
>> listing upstream developers for a given package however, and that's
>> why we contacted package maintainers instead.
> while the coverage is still tiny, there is an effort to collect contact
> addresses listed in the debian/upstream file in the VCS where our source
> packages are maintained.
> In some cases, it is a valid email address. Perhaps you can give it a priority
Dep12  doesn't have a Security-Contact field. Should we add one?
(and maybe a Security-Submit?)