advice needed on how to proceed
(note: I'm not subscribing to this list, please CC me)
Bug#259993 was submitted on one of my package, tagged as a security risk.
Upstream has been quite cooperative in asserting the gravity and is very willing
to fix anything that the submitter can demonstrate. The problem is that some of
the submitter's claims appear questionable and that he refuses to substanciate.
I'm tempted to tag this as wont-fix, but would like this list's input first.
Martin-Éric Racine, ICT Consultant