On Sat, 2006-07-29 at 08:48 +0200, Martin Schulze wrote:
> There's another problem with team-maintained packages. The Security
> Team has to work on packages that are team-maintained in sid every
> once in a while. Often we want to get in touch with the maintainer
> privately before disclosure or before releasing the advisory.
>
> With team-maintained packages, the maintainer address often points to
> a mailing list, so we can't talk to them. Even worse are packages
> in whose changelog the entries aren't signed by a real person but
> by a list address as well. That's some sort of anonymous maintenance.
I understand the problem, but this is more a question of implementation.
Indeed, it's important to always specify who's part of the team, and if
you ask me, there always needs to be a "head maintainer" or team leader
who bears the final responsibility for the package. Much like the
Maintainer vs Uploaders situation.