Hi,

> I understand. But two weeks might be a bit too short for the majority
> of those crashes. Many upstream authors don't get paid for working on
> their software.

I first want to clarify the purpose of the two-week delay to make sure we are on the same page. We do not expect upstream developers to fix the bugs in that time frame. The two-week delay allows developers to assess the bugs' seriousness. If the bug is security critical and two weeks is too short to patch it, they can contact us and we'll gladly delay the public disclosure further. If the bug is not security critical, however, then I do not see any reason not to submit it on the BTS.

If you believe that the delay is too short nonetheless, we can definitely extend it. What would be a reasonable amount of time for developers to review the bugs then?

Thanks,
The Mayhem Team
Cylab, Carnegie Mellon University