On Wed, Apr 16, 2008 at 01:55:51PM +0200, Andrea De Iacovo wrote: > How do you think a maintainer should manage security issues when he is > not the package developer? Should he/she either work alone to make > patches or wait for the upstream patches/relases that solve the bug?
As ever, the best thing tends to be to work with upstream. If the issue is an upstream one then upstream really needs to be involved in getting the fix released. -- "You grabbed my hand and we fell into it, like a daydream - or a fever." -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
