Re: About the security issues affecting ruby-rest-client in Wheezy

[Raphael Hertzog <hertzog@debian.org>]

On Thu, 26 May 2016, Ola Lundqvist wrote:
> Hello dear maintainer(s),
> 
> The Debian LTS team recently reviewed the security issue(s) affecting your
> package in Wheezy:
> https://security-tracker.debian.org/tracker/CVE-2015-1820

Hello Ola,

I'm not sure if you got the process right here. Ususally that kind of mail
is sent by the person doing frontdesk triaging and this week it's supposed
to be Thorsten Alteholz.

So that mail is sent (with the help of bin/contact-maintainers) by the
person doing CVE triaging when the package gets added to dla-needed.txt.

If the package is already listed in dla-needed.txt, someone in the LTS
team decided that it was worth being fixed. After further investigation
you can obviously decide that it's not the best course of action but then
you would usually query the person who did the initial investigation and
reply to the initial mail with more details explaining your point of view.

(That package might have been taken over from dsa-needed.txt and thus we
might not have any initial contact email... but still someone added it
there.)

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/