It is my assumption that this bug opened because the security team was left with a stable package that nobody on the pkg-voip-team was maintaining, so I understand why they don't want that to happen again, especially with a package with as many CVEs as asterisk. Please correct me if I'm wrong about this.
I would like to deliver confidence about my ability to backport security patches to asterisk. I fail to see how submitting a rendering or workflow bug to the tracker pseudo-package accomplishes this. You still won't know if I can do a backport. I'm only trying to do as little work as possible that does not directly benefit my stated goal of getting asterisk back in stable. I notice that asterisk in oldstable is receiving "non-maintainer" updates. Is the pkg-voip-team allowed to pitch in for this? Is it possible for me to contribute by helping catch up on the backlog of CVEs there? This seems like work I could do right now that directly benefits asterisk, takes work off the security team, and also shows I can do the main thing I will be spending the next three years doing. As for "why are you really joining this team", I am a long time user of asterisk in Debian for my business. I noticed, like many others, that it fell off bookworm. I initially messaged the mailing list with a request to make private builds of the software easier, but your insistence on only doing work that would benefit the official Debian build convinced me to join and fix asterisk the right way. I have no plans to discontinue use of asterisk in my business, so I felt it would be reasonable to commit to the lifecycle of the next release at least. Martin
