On Sun, Sep 14, 2014 at 6:15 AM, Bart Martens wrote: > Again, see this part of the FAQ : > https://www.debian.org/security/faq#contrib > > | If it is possible to fix the problem, and the package maintainer or > someone > | else provides correct updated packages, then the security team will > generally > | process them and release an advisory. > > It is possible to fix the problem, and the package maintainer has provided a > correct updated package, so why is the security team not processing it and > release an advisory ?
That isn't the actual practice, so that wording needs to be corrected. > If it's due to lack of time, can I help with this ? It is not lack of time; it is lack of appropriateness. The current practice is for the release team to handle all stable updates to contrib and non-free packages. The security team still can sometimes do that if it's really necessary, but it's been years since that has happened. Best wishes, Mike -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
