[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Maintainership, vanishing or absent maintainers (QA)

Previously Marco d'Itri wrote:
>  >	- critical security fix:	2 days.
> I think those fixes should be uploaded as fast as possible by anyone
> willing, if a remote root exploit for some package like apache or ssh
> is published users can't just shut down their machines for two days if
> there is no know workaround.

Not by anyone willing please.. what the security team does in cases like
this is immediately bug the maintainer (via private mail if it is not
a well-known issue or if secrecy has been requested) and if he doesn't
respond quickly enough NMU it. If any random user does this things get
messy which is the last thing that should happen.


This combination of bytes forms a message written to you by Wichert Akkerman.
E-Mail: wakkerma@cs.leidenuniv.nl
WWW: http://www.wi.leidenuniv.nl/~wichert/

Attachment: pgptV0Cw40RmC.pgp
Description: PGP signature

Reply to: