
Re: Longer maintenance for (former) stable releases of Debian (Re: Dreamhost dumps Debian)






On Tue, Aug 27, 2013 at 2:09 PM, Neil McGovern <neil@halon.org.uk> wrote:

Indeed. Look at the security team for example. In theory, if all
maintainers cared enough about the older packages, we wouldn't need the
level of people we currently do.

IMHO the Security Team should not act as fixers themselves but more as proxies, passing information about a security issue to the maintainer of the package. Maintainers are not always fully aware some old version of their package is affected by a security issue. OTOH, the Security Team is continually monitoring CVEs, etc. 

Or at least, that's how I'd like the Security Team to work. It would alleviate the burden on them and move the bugfixing/security fixing to the people who know the package better and are probably in touch with upstream.

--
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
