Hi, I was under the impression that we were supposed to contact maintainers when we add packages to dla-needed.txt, as part of the triage work. That is, at least, the method documented here: https://wiki.debian.org/LTS/Development#Triage_new_security_issues Confident that people doing the triage would do so, I have stopped double-checking that such work was being done but now, looking at the python-gnupg package, I noticed nothing was sent out to the maintainer, at least not with this list in CC. The maintainer and package are not in data/packages/lts-do-not-call.txt so I think they should have been contacted first. Am I missing something here? Did we change this practice, or is this an oversight? A. -- Arguing for surveillance because you have nothing to hide is no different than making the claim, "I don't care about freedom of speech because I have nothing to say." - Edward Snowden
Attachment:
signature.asc
Description: PGP signature