Hi,
I was under the impression that we were supposed to contact maintainers
when we add packages to dla-needed.txt, as part of the triage work. That
is, at least, the method documented here:
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
Confident that people doing the triage would do so, I have stopped
double-checking that such work was being done but now, looking at the
python-gnupg package, I noticed nothing was sent out to the maintainer,
at least not with this list in CC. The maintainer and package are not in
data/packages/lts-do-not-call.txt so I think they should have been
contacted first.
Am I missing something here? Did we change this practice, or is this an
oversight?
A.
--
Arguing for surveillance because you have nothing to hide is no
different than making the claim, "I don't care about freedom of speech
because I have nothing to say."
- Edward Snowden
Attachment:
signature.asc
Description: PGP signature