On Sat, 2006-07-29 at 08:48 +0200, Martin Schulze wrote:
> There's another problem with team maintained packages. The Security
> Team has to work on packages that are team-maintained in sid every
> once in a while. Often we want to get in touch with the maintainer
> privately before disclosure or before releasing the advisory.
>
> With team-maintained packages, the maintainer address often points to
> a mailing list, so we can't talk to them. Even worse are packages
> in whose changelog the entries aren't signed by a real person but
> by a list address as well. That's some sort of anonymous maintenance.

I understand the problem, but this is more a question of implementation.
Indeed, it's important to always specify who's part of the team, and if
you ask me, there always needs to be a "head maintainer" or team leader
who bears the final responsibility for the package. Much like the
Maintainer vs Uploaders situation.

Thijs