On Wed, 2022-11-16 at 08:35 -0500, Zeke Williams wrote: > I have an additional question for if I were to hire someone personally > to maintain certain debian packages. What happens with the security > team if a package has no maintainer and a security vulnerability is > found? Does the security team recompile the package with the patch > even if there is no maintainer? Is it more difficult to get involved > with the security team or maintainers team? Anyone can contribute security updates to Debian. The security team do a lot of the work on that and they work on any package in Debian. They do not fix every security issue, some minor issues are left either without fixes or for someone else, usually the package maintainer. Joining the security team can only happen after one is already a Debian member and presumably after the person has been contributing security fixes for some time without being part of the team yet. If someone wants to get involved in improving Debian security, please have them take a look at our pages about Debian and security support: https://www.debian.org/security/ https://www.debian.org/security/faq https://wiki.debian.org/Teams/Security https://security-team.debian.org/ https://security-tracker.debian.org/tracker/ https://security-tracker.debian.org/tracker/data/report https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#bug-security -- bye, pabs https://wiki.debian.org/PaulWise
Attachment:
signature.asc
Description: This is a digitally signed message part