[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: package ownership in Debian

On Sat, 2006-07-29 at 08:48 +0200, Martin Schulze wrote:
> There's a nother problem with team maintained packages.  The Security
> Team has to work on packages that are team-maintained in sid every
> once in a while.  Often we want to get in touch with the maintainer
> privately before disclosure or before releasing the advisory.
> With team-maintained packages, the maintainer address often points to
> a mailing list, so we can't talk to them.  Even worse are packages
> in whose changelog the entries aren't signed by a real person but
> by a list address as well.  That's some sort of anonymous maintenance.

I understand the problem, but this is more a question of implementation.
Indeed, it's important to always specify who's part of the team, and if
you ask me, there always needs to be a "head maintainer" or team leader
who bears the final responsibility for the package. Much like the
Maintainer vs Uploaders situation.


Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: