On Tue, Aug 27, 2013 at 7:18 PM, Russ Allbery <rra@debian.org> wrote:
> IMHO the Security Team should not act as fixers themselves but more as
> proxies, passing information about a security issue to the maintainer of
> the package.
And what happens then if the maintainer doesn't respond?
Then, and only then, as a last resort, the Security Team / LTS Team takes care of the problem
-- Pau Garcia i Quiles http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)